Jack's formmail.php Malformed HTTP Referer Arbitrary File Upload

2004-02-06T04:17:40
ID OSVDB:3876
Type osvdb
Reporter OSVDB
Modified 2004-02-06T04:17:40

Description

Vulnerability Description

Jack's FormMail.php contains a flaw that may allow a malicious user to upload arbitrary files, due to an absence of validation in the 'check_referer()' function. It is possible that the flaw may allow execution of arbitrary code in uploaded files resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

Write protect all public folders to ensure that files can only be written to a dedicated and protected upload folder.

Short Description

Jack's FormMail.php contains a flaw that may allow a malicious user to upload arbitrary files, due to an absence of validation in the 'check_referer()' function. It is possible that the flaw may allow execution of arbitrary code in uploaded files resulting in a loss of confidentiality, integrity, and/or availability.

References:

Vendor URL: http://www.dtheatre.com/scripts/formmail Secunia Advisory ID:10815 Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=107619109629629&w=2 ISS X-Force ID: 15079 CVE-2004-0259 Bugtraq ID: 9591