CdomainFree <= 2.4 - Remote File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/304/info A vulnerability in a CGI program part of CdomainFree allows remote malicious users to run any executable already existing to the machine. The vulnerability is in the whoisraw.cgi program. This CGI passes user inp...

Common 2 7 ＣＧＩ vulnerability methods of attack-vulnerability warning-the black bar safety net

A. phf vulnerability The phf vulnerability seems to be the most classic,almost all of the articles will be introduced,you can execute Server commands,such as display the/etc/passwd: lynx http://www.victim.com/cgi-bin/phf?Q...t%20/etc/passwd But we can still find it? II. php. cgi 2. 0beta10 or...

CVE-1999-1063

The CVE-1999-1063 entry concerns the CDomain whois_raw.cgi CGI script, where the fqdn parameter accepts shell metacharacters, enabling remote attackers to execute arbitrary commands. This is evidenced by the core description and corroborated by the Nessus NASL entry for CDomainFree’s whois_raw.cg...

whois_rawcgi.txt

Date: Tue, 1 Jun 1999 00:34:51 +0200 From: Salvatore Sanfilippo -antirez- To: [email protected] Subject: whoisraw.cgi problem Hi, sorry if this has already been known. There is a problem in whoisraw.cgi, called from whois.cgi. whoisraw.cgi is part of cdomain v1.0. I don't know if new versions...