Mountain Network Systems webcart.cgi Command Execution

2001-10-18T00:00:00
ID OSVDB:2087
Type osvdb
Reporter OSVDB
Modified 2001-10-18T00:00:00

Description

Vulnerability Description

The Mountain Network Systems webcart.cgi script allows a remote attacker to execute arbitrary commands. The issue is due to the script not validating input supplied to the NEXTPAGE parameter. By using a carefully constructed URL, an attacker can execute any command on the remote system.

Solution Description

Upgrade to version 2003 Professional or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;id|&CODE=PHOLD
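
A log check for the request shape in the testing note above, added here as an example (it is not OSVDB's or the vendor's code). It flags webcart.cgi requests whose decoded NEXTPAGE value contains shell metacharacters. The Apache/NCSA access-log format, the sample lines, the page name checkout.html and the function names are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Request line inside an Apache/NCSA access-log entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a shell treats specially; a page name has no reason to contain them.
SHELL_META = re.compile(r'[;|&`$<>(){}\\\n\r]')


def nextpage_values(target):
    """Return the decoded NEXTPAGE values of a webcart.cgi request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/webcart.cgi"):
        return []
    values = []
    # Split on '&' only: older urllib.parse.parse_qs also split on ';',
    # which would cut the value at the very character we are looking for.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name).upper() == "NEXTPAGE":
            values.append(unquote_plus(raw))
    return values


def suspicious_requests(log_lines):
    """Return (line_number, value) for NEXTPAGE values holding shell metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for value in nextpage_values(match.group(1)):
            if SHELL_META.search(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2001:10:00:01 +0000] "GET /cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=checkout.html&CODE=PHOLD HTTP/1.0" 200 5120',
    '192.0.2.66 - - [18/Oct/2001:10:00:07 +0000] "GET /cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;id|&CODE=PHOLD HTTP/1.0" 200 312',
    '192.0.2.66 - - [18/Oct/2001:10:00:09 +0000] "GET /cgi-bin/webcart/webcart.cgi?CONFIG=mountain&NEXTPAGE=%3Bid%7C&CODE=PHOLD HTTP/1.0" 200 312',
    '192.0.2.10 - - [18/Oct/2001:10:00:12 +0000] "GET /index.html?NEXTPAGE=;id| HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: NEXTPAGE={value!r}")
```

The value is decoded once before matching, so percent-encoded metacharacters are caught; POST bodies are not in an access log and need a separate data source.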

References:

Nessus Plugin ID: 11095
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-10/0159.html
ISS X-Force ID: 7315
Generic Informational URL: http://www.mountain-net.com/
Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/WebCart.pl
CVE-2001-1502
Bugtraq ID: 3453