classifieds.cgi
Summary
Somebody has accessed this potentially vulnerable script.
Details
The classifieds.cgi script was written by Greg Mathews and is widely used by many websites. Older versions of this script do not check their input, and they can be exploited in many ways, either to grab unauthorized files from the server or to break into it.
Two specific FORM fields are of concern. The first is the <input name=return> field, which is intended to hold the user's e-mail address. However, an attacker can add shell metacharacters to this field in order to grab files or execute programs.
The second field is <input name=mailprog>, which tells the CGI script which program it should execute in order to send e-mail. The attacker can supply whatever program (and parameters) he/she wants. This can be used to completely compromise the server.
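As an added example (not part of the original page or of the classifieds.cgi script), the following Python function triages requests to the script by inspecting the two fields described above. The expected mailer path, the strict address pattern, the finding labels and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Characters a POSIX shell treats specially; none belongs in an e-mail address.
SHELL_META = re.compile(r"[;&|`$<>(){}\\!*?\n\r'\"]")
# Deliberately strict address shape (assumption; adjust per site).
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Value the site's own form is assumed to send in the mailprog field.
EXPECTED_MAILPROG = "/usr/sbin/sendmail"

def inspect_request(url, body=""):
    """Return a list of findings for one request; empty if not classifieds.cgi."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/classifieds.cgi"):
        return []
    findings = ["access"]  # the script itself was requested
    # Fields may arrive in the query string (GET) or in the body (POST).
    fields = parse_qs(parts.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    for value in fields.get("return", []):
        if SHELL_META.search(value):
            findings.append("return:shell-metacharacters")
        elif not EMAIL.fullmatch(value):
            findings.append("return:not-an-email-address")
    for value in fields.get("mailprog", []):
        if value != EXPECTED_MAILPROG:
            findings.append("mailprog:unexpected-value")
    return findings

# Constructed sample requests (URL, URL-encoded form body); not real traffic.
SAMPLES = [
    ("/cgi-bin/classifieds.cgi", "return=alice%40example.com&mailprog=%2Fusr%2Fsbin%2Fsendmail"),
    ("/cgi-bin/classifieds.cgi", "return=alice%40example.com%3BPLACEHOLDER"),
    ("/cgi-bin/classifieds.cgi", "return=bob%40example.com&mailprog=%2Ftmp%2FPLACEHOLDER"),
    ("/index.html", ""),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, body, "->", inspect_request(url, body))
```

A bare "access" finding matches the alert summarized above; the field-level findings separate ordinary form submissions from requests that tamper with return or mailprog.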
Version appeared: 2.5