vendor:
X-Chat
by:
SecurityFocus
8.8
CVSS
HIGH
Command Injection
78
CWE
Product Name: X-Chat
Affected Version From: 1.4.2002
Affected Version To: Earlier
Patch Exists: YES
Related CWE: N/A
CPE: a:xchat:xchat
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001
Command Injection in X-Chat
X-Chat versions 1.4.2 and earlier are vulnerable to command injection attacks. By supplying commands enclosed in backticks (``) in URLs sent to X-Chat, it is possible to execute arbitrary commands should the X-Chat user decide to view the link by clicking on it. This is due to the manner in which X-Chat launches pages for viewing: the supplied URL is handed to the shell without any check for shell metacharacters, allowing an attacker to exploit shell expansion to execute commands as the user running Netscape.
Mitigation:
Users should upgrade to the latest version of X-Chat, which is not vulnerable to this attack.
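The root cause described above is a URL spliced into a shell command line. The C program below is an added illustration written for this page, not X-Chat's own code or its actual patch; the `netscape -remote` command string, the metacharacter list and the sample URL are constructed for the example. It contrasts the flawed pattern (building a command string for `system()`, shown here without executing it) with the fix a defender would apply: handing the URL to the handler as a single `argv` element via `fork`/`execvp`, so no shell ever sees it. A helper flags shell metacharacters purely as a diagnostic; note that an ordinary query string such as `?a=1&b=2` trips it too, which is exactly why filtering is not a substitute for avoiding the shell.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters /bin/sh interprets when a URL is spliced into a command
 * string. Backtick and $ start command substitution; the rest split,
 * redirect, quote or glob. Constructed list for this example. */
static const char SHELL_META[] = "`$;|&<>()\"'\\\n\t *?[]{}";

/* Returns 1 if url contains any character the shell would interpret,
 * else 0. A diagnostic only: legitimate URLs trip it as well, so the
 * real fix is to keep the URL away from the shell entirely. */
int url_has_shell_meta(const char *url)
{
    return strpbrk(url, SHELL_META) != NULL;
}

/* The flawed pattern: the URL becomes part of a shell command line.
 * Writes the string the shell would receive into out and returns 0,
 * or -1 if it does not fit. Deliberately does NOT execute it.
 * The -remote syntax is illustrative, not X-Chat's exact invocation. */
int build_shell_command(const char *url, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "netscape -remote 'openURL(%s)'", url);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* The fix: never hand the URL to a shell. Fork and execvp the handler
 * with the URL as one argv element, so every byte reaches the program
 * verbatim and nothing is expanded. Returns the child's exit status,
 * 127 if the handler could not be executed, or -1 on fork/wait failure. */
int spawn_handler(const char *prog, const char *url)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)url, NULL };
        execvp(prog, argv);
        _exit(127);            /* exec failed; 127 mirrors shell convention */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample URL carrying a backtick command substitution. */
    const char *url = "http://example.com/`id`";
    char cmd[256];

    if (build_shell_command(url, cmd, sizeof cmd) == 0)
        printf("shell would receive: %s\n", cmd);
    printf("metacharacters present: %s\n",
           url_has_shell_meta(url) ? "yes" : "no");

    /* Pass the same URL through argv to a harmless stand-in handler;
     * /bin/echo prints the backticks literally because no shell parsed them. */
    printf("handler exit status: %d\n", spawn_handler("/bin/echo", url));
    return 0;
}
```

The key design choice is that `spawn_handler` receives the handler's path and the URL as separate values and never concatenates them: with `execvp` the kernel passes `argv[1]` untouched, whereas `system()` and `popen()` route the whole string through `/bin/sh -c`, where backticks are executed before the browser is ever started.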