source: http://www.securityfocus.com/bid/719/info AnyForm is a popular form CGI designed to support simple forms that deliver responses via email. Certain versions of AnyForm did not perform user supplied data sanity checking and could be exploited by remote intruders to execute arbitrary commands. These commands were issued as the UID which the web server runs as, typically 'nobody'. Exploit as taken from the original post on this issue: To exploit, create a form with a hidden field something like this: <input type="hidden" name="AnyFormTo" value="email@example.com;command-to-execute with whatever arguments;/usr/lib/sendmail -t firstname.lastname@example.org "> Then submit the form to the "AnyForm" CGI on the server to be attacked. The value of this parameter is passed to this code: SystemCommand="/usr/lib/sendmail -t " + AnyFormTo + " <" + CombinedFileName; system(SystemCommand); Since system invokes a shell, the semicolons are treated as command delimeters and anything can be inserted
Related ExploitsTrying to match CVEs (1): CVE-1999-0066
Trying to match OSVDBs (1): 1116
Other Possible E-DB Search Terms: John S.2 Roberts AnyForm 1.0/2.0, John S.