Bug Report
Name: gbook.cgi remote command execution vulnerability
Release Date: 2000.11.10
Affected Application:
GBook - A web site guestbook
By Bill Kendrick
[email protected]
http://zippy.sonoma.edu/kendrick/
Author: [email protected]
Type: Input validation Error
Explanation
gbook.cgi is used by some web sites.
We can set _MAILTO parameter, and popen is called to execute mail command.
If ';' is used in _MAILTO variable, you can execute arbitrary command with it.
It's so trivial. :)
Exploits
This exploit executes "ps -ax" command and sends the result to [email protected].