Matt Wright FormMail Environmental Variables Disclosure Vulnerability
BID:1187
Info
Matt Wright FormMail Environmental Variables Disclosure Vulnerability
| Bugtraq ID: | 1187 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 10 2000 12:00AM |
| Updated: | May 10 2000 12:00AM |
| Credit: | Posted to Bugtraq on May 10, 2000 by Black Watch Labs <[email protected]>. |
| Vulnerable: |
Matt Wright FormMail 1.8 Matt Wright FormMail 1.7 Matt Wright FormMail 1.6 |
| Not Vulnerable: |
Matt Wright FormMail 1.9 |
Discussion
Matt Wright FormMail Environmental Variables Disclosure Vulnerability
An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is accomplished by specifying a particular CGI environmental variable such as PATH, DOCUMENT_ROOT, SERVER_PORT in the specially formed URL which will email the results to the address given. The information obtained could possibly be used to assist in a future attack.
An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is accomplished by specifying a particular CGI environmental variable such as PATH, DOCUMENT_ROOT, SERVER_PORT in the specially formed URL which will email the results to the address given. The information obtained could possibly be used to assist in a future attack.