From: Emanuel Almeida (corbsekure.org)
Date: Sat Oct 06 2001 - 23:32:31 CDT

    Name: W3Mail 1.0.2 Personal and Commercial Version

    Author: Spencer Miles

    Problem: Script doesn't check for special metacharacters like
    &;`'\"|*?~<>^()[]{}$\n\r. Any webmail user can execute *nix
    commands on webserver.

    Exploit:
    On any field at "Compose Message", put something like:
    (Recipient example)
    foobar.com"; `/bin/touch /tmp/foobar`; $foo = "bar

    Fix:
    Filter these metacharacters on sendmessage.cgi and others..

    []s

     --corb

    --
    Lord, grant me the serenity to accept the things I cannot
    change, the courage to change the things I can, and the 
    wisdom to hide the bodies of the people I had to kill because 
    they pissed me off.
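
The filtering fix suggested in the post, sketched as an added example; it is not part of the original message and is not W3Mail code. The function names, the address allowlist, and the sendmail path are assumptions made for illustration, and Python is used only to show the logic.

```python
import re

# Metacharacters named in the advisory: &;`'\"|*?~<>^()[]{}$ plus \n and \r.
METACHARS = set("&;`'\\\"|*?~<>^()[]{}$\n\r")

# Assumption: a strict allowlist for recipient addresses, narrower than
# RFC 5322, so none of the characters above can ever be accepted.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# The recipient value shown in the advisory's "Exploit" section.
ADVISORY_EXAMPLE = 'foobar.com"; `/bin/touch /tmp/foobar`; $foo = "bar'


def find_metachars(value):
    """Return the sorted advisory metacharacters present in value."""
    return sorted(METACHARS.intersection(value))


def validate_recipients(field):
    """Split a comma-separated recipient field into validated addresses.

    Raises ValueError if the field holds any advisory metacharacter
    (including CR/LF, which also blocks header injection) or if an
    entry does not match the address allowlist.
    """
    bad = find_metachars(field)
    if bad:
        raise ValueError("metacharacters in recipient field: %r" % bad)
    addresses = [part.strip() for part in field.split(",")]
    for addr in addresses:
        if not ADDRESS_RE.fullmatch(addr):
            raise ValueError("not a valid address: %r" % addr)
    return addresses


def build_mailer_argv(addresses, mailer="/usr/sbin/sendmail"):
    """Build an argument vector meant for exec without a shell.

    Assumption: a sendmail-compatible binary at the given path. "--"
    ends option parsing, so an address that begins with "-" is still
    treated as a recipient and not as a mailer option.
    """
    return [mailer, "-i", "--"] + list(addresses)


if __name__ == "__main__":
    print(find_metachars(ADVISORY_EXAMPLE))
    print(build_mailer_argv(validate_recipients("alice@example.org")))
```

Free-text fields such as the subject and body legitimately contain many of these characters, so rejecting them there is not practical; those values should be handed to the mailer as data and never interpolated into a shell command or evaluated string.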