Bugtraq mailing list archives
Remote command execution via KW Whois 1.0
From: Mark Stratman <mstrat1 () UIC EDU>
Date: Sun, 29 Oct 2000 04:30:49 -0600
Greetings,

There is a vulnerability in Kootenay Web Inc's KW Whois v1.0 which allows malicious users to execute commands as the uid/gid of the webserver. The hole lies in unchecked user input via an input form box. The form element <input type=text name="whois"> is not checked by the script for unsafe characters.

Unsafe code:

    $site = $query->param('whois');
    ....
    $app = `whois $site`;
    print "$app .......

Proof of concept:
Type ";id" (without the quotes) into the input box.

cheers.
Mark Stratman (count0)
(mstrat1 () uic edu)
http://sporkstorms.org
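A hardened counterpart to the backtick call quoted in the post, shown as an added example that is not part of the original message or of KW Whois itself. The sub names valid_whois_target and run_whois are hypothetical, and the sample inputs are constructed apart from the ";id" string taken from the post.

```perl
#!/usr/bin/perl
# Added example (not KW Whois code): validate the form value, then call
# whois without going through a shell.
use strict;
use warnings;

# Allow only hostname/IPv4-style tokens: letters, digits, dots and hyphens.
# The first character must be alphanumeric so the value cannot be parsed as
# a command-line option, and \z (not $) refuses a trailing newline.
sub valid_whois_target {
    my ($site) = @_;
    return 0 unless defined $site && length($site) <= 253;
    return $site =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/ ? 1 : 0;
}

# List-form pipe open executes whois directly, so $site reaches it as a
# single argv entry and shell metacharacters such as ';' are never interpreted.
sub run_whois {
    my ($site) = @_;
    return unless valid_whois_target($site);
    open(my $fh, '-|', 'whois', $site) or return;
    local $/;                 # slurp the whole reply
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed sample inputs, including the proof-of-concept string from the
# post. run_whois is not called here so the check runs offline.
my @samples = ('example.com', '192.0.2.1', ';id', 'example.com;id',
               '-h', "example.com\n");
for my $input (@samples) {
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-18s %s\n", $shown,
        valid_whois_target($input) ? 'accepted' : 'rejected';
}
```

Either measure alone closes the hole described in the post; using both keeps the script safe if the pattern is later loosened.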