mailformular - alienform (af.cgi)


download from: http://cgi.tj/scripts/alienform/

Description:

due to missing input-validation and a "bad" perl "open" it
is possible to issue op-system commands with the webserver s permission

example:

http://www.uarggg.com/cgi-bin/af.cgi?_browser_out=|/bin/ls|

Version:  Multiple

Vendor-Status:  Informed(04.2000)

RC-EOF