Matt Wright FormMail 环境变量泄露漏洞

Matt Wright FormMail 环境变量泄露漏洞

漏洞ID 1105829 漏洞类型 访问验证错误
发布时间 2000-05-10 更新时间 2005-05-02
图片[1]-Matt Wright FormMail 环境变量泄露漏洞-安全小百科CVE编号 CVE-2000-0411
图片[2]-Matt Wright FormMail 环境变量泄露漏洞-安全小百科CNNVD-ID CNNVD-200005-037
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/19906
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-037
|漏洞详情
MattWright’sFormMail公共网关接口脚本存在漏洞,远程攻击者可以通过env_report参数获取环境变量。
|漏洞EXP
source: http://www.securityfocus.com/bid/1187/info

An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is accomplished by specifying a particular CGI environmental variable such as PATH, DOCUMENT_ROOT, SERVER_PORT in the specially formed URL which will email the results to the address given. The information obtained could possibly be used to assist in a future attack.

http:/target/cgibin/formmail.cgi?env_report=PATH&recipient=<email address>&required=&firstname=&lastname=&email=&message=&Submit=<message>
This URL request assumes that the formmail.cgi script is located in the cgibin directory.
|参考资料

来源:www.perfectotech.com
链接:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
来源:BID
名称:1187
链接:http://www.securityfocus.com/bid/1187
来源:BUGTRAQ
名称:20000510BlackWatchLabsVulnerabilityAlert
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html

相关推荐: Web Server Creator Web Portal 0.1 – Remote File Inclusion

Web Server Creator Web Portal 0.1 – Remote File Inclusion 漏洞ID 1053643 漏洞类型 发布时间 2002-11-25 更新时间 2002-11-25 CVE编号 N/A CNNVD-ID N/A…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享