Bugtraq mailing list archives
WebWho+ ADVISORY
From: hhp () HHP PERLX COM (Cody T. - hhp)
Date: Sun, 26 Dec 1999 04:04:59 -0600
WebWho+ - ADVISORY. hhp-ADV#13 11/26/99 2:48:03am CST By: loophole hhp () hhp perlx com - http://hhp.perlx.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What?: Hole in WebWho+, a whois cgi. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Version(s)?: v1.1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Exploit!: WebWho+ v1.1 checks for shell escape characters in its 'command' parameter, but what keeps us from changing the pre seleted, default TLD options. WebWho+ v1.1 does NOT check for shell espace characters in its 'type'(TLD) peremeter which is what is being exploited. The exploit is available to download via: http://hhp.perlx.com/ourexploits/hhp-webwho.pl ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fix?: Download a secure, shell espace character parsing whois common gateway interface from: http://cgi.resourceindex.com/Programs_and_ Scripts/Perl/Internet_Utilities/Whois/ Read: http://hhp.perlx.com/ouradvisories/hhp-Whois.txt before deciding which is secure. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Shouts to all of hhp. 9d9->2t0(Boom/Repair/Glory); ------------------------------------------------
Current thread:
- Re: ftp conversions exploit Desi Hacker (Dec 21)
- Re: ftp conversions exploit David Malone (Dec 22)
- Re: ftp conversions exploit Alexey Chetroi (Dec 23)
- Re: ftp conversions exploit Gregory A Lundberg (Dec 24)
- WebWho+ ADVISORY Cody T. - hhp (Dec 26)
- Re: ftp conversions exploit Alexey Chetroi (Dec 23)
- Re: ftp conversions exploit Lamont Granquist (Dec 27)
- Re: ftp conversions exploit David Malone (Dec 22)