

mailform - form-to-mail.cgi

download from: http://www.newbreedsoftware.com/


problem description:

the unchecked parameter "_out_file" allows an attacker to create and write any
file on the system with the web server's permissions.


(which makes it pretty dangerous)

example:

http://www.dumbasssite.com/cgi-bin/form-to-mail.cgi?content=xxx&_out_file=yes.php3
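
The check that is missing on "_out_file", as an added example (not code from mailform or from this advisory): the client-supplied name is confined to one data directory and to non-executable extensions before anything is written. The function names, the allowed extensions and the data directory are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Assumption: the form only ever needs plain-text or CSV result files.
ALLOWED_EXT = {".txt", ".csv"}
# One base name and one extension: no slashes, no leading dot, and no
# "double extension" such as log.php.txt that a server might still execute.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,8}")


def resolve_out_file(requested, base_dir):
    """Map a client-supplied _out_file to a path inside base_dir or raise ValueError."""
    if not NAME_RE.fullmatch(requested):
        raise ValueError("illegal file name")
    if os.path.splitext(requested)[1].lower() not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    base = os.path.realpath(base_dir)
    # realpath also resolves a symlink planted inside the data directory.
    path = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes data directory")
    return path


def append_submission(requested, content, base_dir):
    """Append one form submission to the validated output file and return its path."""
    path = resolve_out_file(requested, base_dir)
    # O_NOFOLLOW (where available) closes the window between check and open.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o640)
    with os.fdopen(fd, "a") as fh:
        fh.write(content.replace("\r", "").rstrip("\n") + "\n")
    return path


if __name__ == "__main__":
    data_dir = tempfile.mkdtemp()  # constructed stand-in for the form's data directory
    # Constructed inputs; "yes.php3" is the file name from the advisory's example.
    for name in ["results.txt", "yes.php3", "../results.txt", "/tmp/results.txt"]:
        try:
            print(name, "->", append_submission(name, "content=xxx", data_dir))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The data directory should also sit outside the document root, so that a file which does get written is never served or interpreted by the web server.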



RC-EOF

