5 lines
No EOL
606 B
Text
5 lines
No EOL
606 B
Text
source: http://www.securityfocus.com/bid/2020/info
|
|
|
|
Classifieds.cgi is a perl script (part of the classifieds package by Greg Matthews) which provides simple classified ads to web sites. Due to improper input validation it can be used to read files on the host machine, with the privileges of the web server. This can be accomplished by embedding the input redirection metacharacter along with a filename into the form field used for e-mail address entry (<input name=return>). Any file that the web server process has read access to can be retrieved.
|
|
|
|
Submit email@host</etc/passwd as e-mail address. |