CCBill whereami.cgi Arbitrary Command Execution

2003-07-03T00:00:00
ID OSVDB:3395
Type osvdb
Reporter OSVDB
Modified 2003-07-03T00:00:00

Description

Vulnerability Description

CCBill whereami.cgi contains a flaw that allows a remote attacker to execute arbitrary commands on a vulnerable system. The issue is due to the script not sanitizing the value of the "g" query parameter before using it in a command. Attackers can supply arbitrary Unix commands, which will be executed with the privileges of the web server user.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/ccbill/whereami.cgi?g=cat%20../../../../etc/password

http://[victim]/cgi-bin/whereami.cgi?g=ls%20-la

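As an added defensive example (not part of the OSVDB record or of CCBill's software), the following Python script scans Apache combined-format access logs for requests to whereami.cgi whose "g" parameter looks like a command rather than a plain value; the log lines are constructed to mirror the manual testing URLs above, and the log format and the detection heuristics are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus
# Constructed Apache combined-format log lines (not real traffic); requests two
# and three mirror the manual testing URLs in the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Jul/2003:10:12:01 +0000] "GET /ccbill/whereami.cgi?g=home HTTP/1.0" 200 512 "-" "Mozilla/4.0"
10.0.0.9 - - [03/Jul/2003:10:12:07 +0000] "GET /ccbill/whereami.cgi?g=cat%20../../../../etc/password HTTP/1.0" 200 1830 "-" "curl/7.10"
10.0.0.9 - - [03/Jul/2003:10:12:09 +0000] "GET /cgi-bin/whereami.cgi?g=ls%20-la HTTP/1.0" 200 940 "-" "curl/7.10"
10.0.0.9 - - [03/Jul/2003:10:12:11 +0000] "GET /cgi-bin/whereami.cgi?g=home;id HTTP/1.0" 200 60 "-" "curl/7.10"
10.0.0.7 - - [03/Jul/2003:10:13:00 +0000] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*"')
# Characters that let a value spliced into a shell command line run extra commands.
SHELL_META = set(';|&`$(){}<>\n')


def query_values(query, name):
    """Decoded values of `name`; split only on '&' so a ';' inside a value survives."""
    out = []
    for pair in query.split('&'):
        key, _, val = pair.partition('=')
        if key == name:
            out.append(unquote_plus(val))
    return out


def suspicious_reasons(value):
    """Why a decoded 'g' value looks like a command rather than a location name."""
    reasons = []
    if any(c in SHELL_META for c in value):
        reasons.append("shell metacharacter")
    if re.search(r'\s', value):
        reasons.append("whitespace (command with arguments)")
    if '../' in value:
        reasons.append("path traversal")
    return reasons


def find_whereami_abuse(log_text):
    # Returns (ip, timestamp, decoded g, reasons) for each suspicious whereami.cgi request.
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group('target'))
        if not url.path.endswith('/whereami.cgi'):
            continue
        for g in query_values(url.query, 'g'):
            if reasons := suspicious_reasons(g):
                hits.append((m.group('ip'), m.group('ts'), g, reasons))
    return hits
```

Since no patch exists for this issue, every flagged hit is worth treating as a probable compromise of the web server account rather than a mere probe.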
References:

Vendor URL: http://www.ccbill.com/
Secunia Advisory ID: 9191
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0052.html
ISS X-Force ID: 12527
Generic Informational URL: http://securityresponse.symantec.com/avcenter/security/Content/8095.html
Generic Informational URL: http://www.securiteam.com/securitynews/5WP062AAKC.html
Bugtraq ID: 8095