source: http://www.securityfocus.com/bid/974/info 'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver. A request like: http ://target/finger.cgi?action=archives&cmd=specific &filename=220.127.116.11.23.username.|<shell command>| (split for readability) will cause the server to execute whatever command is specified.
Related ExploitsTrying to match CVEs (1): CVE-2000-0128
Trying to match OSVDBs (1): 7610
Other Possible E-DB Search Terms: Daniel Beckham The Finger Server 0.82 Beta, Daniel Beckham The Finger Server