WebWho+ ADVISORY

From: Cody T. - hhp (hhpat_private)
Date: Sun Dec 26 1999 - 02:04:59 PST


                  WebWho+ - ADVISORY.
                     hhp-ADV#13
                11/26/99 2:48:03am CST
                    By: loophole
        hhpat_private - http://hhp.perlx.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    What?: Hole in WebWho+, a whois cgi.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Version(s)?: v1.1
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Exploit!:
    WebWho+ v1.1 checks for shell escape
    characters in its 'command' parameter,
    but what keeps us from changing the
    preselected, default TLD options?
    
    WebWho+ v1.1 does NOT check for shell
    escape characters in its 'type' (TLD)
    parameter, which is what is being
    exploited.
    
    The exploit is available to download via:
    http://hhp.perlx.com/ourexploits/hhp-webwho.pl
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Fix?:
    Download a secure, shell escape character
    parsing whois common gateway interface
    from:
    http://cgi.resourceindex.com/Programs_and_Scripts/Perl/Internet_Utilities/Whois/
    
    Read:
    http://hhp.perlx.com/ouradvisories/hhp-Whois.txt
    before deciding which is secure.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Shouts to all of hhp.
    9d9->2t0(Boom/Repair/Glory);
    ------------------------------------------------
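
The class of fix the advisory calls for, as an added example that is not WebWho+ source and not code from the advisory's author: a whois gateway that validates both the 'command' and the 'type' (TLD) parameter server-side and runs whois without a shell. The sub names, the TLD table and the whois server host names are hypothetical placeholders.

```perl
#!/usr/bin/perl
# Added example: hypothetical whois gateway input handling (not WebWho+ code).
use strict;
use warnings;

# Hypothetical allowlist of the TLD choices the form offers, mapped to
# placeholder whois servers.
my %WHOIS_SERVER = (
    com => 'whois.example.net',
    net => 'whois.example.net',
    org => 'whois.example.org',
);

# Validate BOTH parameters on the server. A preselected option list in the
# HTML form is only a suggestion: the client can send any value for 'type'.
sub validate_query {
    my ($command, $type) = @_;
    return unless defined $command && defined $type;
    # Domain name part: letters, digits, hyphen, dot; the first character
    # must be alphanumeric so the value can never look like a whois option.
    return unless $command =~ /\A([A-Za-z0-9][A-Za-z0-9.-]{0,252})\z/;
    my $name = $1;
    # The TLD must be an exact key of the allowlist, not filtered free text.
    return unless exists $WHOIS_SERVER{lc $type};
    return ($name, lc $type);
}

# List-form open passes the arguments straight to exec, so no shell ever
# parses them. Not called in the demo below, so the script runs offline.
sub run_whois {
    my ($name, $tld) = @_;
    open(my $fh, '-|', 'whois', '-h', $WHOIS_SERVER{$tld}, "$name.$tld")
        or die "cannot run whois: $!";
    local $/;
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed sample requests; the last two carry shell metacharacters.
for my $req (['example', 'com'], ['example', 'com;x'], ['ex|x', 'net']) {
    my ($name, $tld) = validate_query(@$req);
    printf "%-10s %-8s => %s\n", @$req,
        defined $name ? "accept $name.$tld" : 'reject';
}
```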
    


