Leif M. Wright everythingform.cgi Arbitrary Command Execution Vulnerability

info
discussion
exploit
solution
references

Leif M. Wright everythingform.cgi Arbitrary Command Execution Vulnerability

An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool.

The script fails to properly filter shell commands from user-supplied input to the 'config' field.

As a result, the script can be made to run arbitrary shell commands with the privilege of the web server.