header-logo
Suggest Exploit
vendor:
by:
milw0rm.com
9
CVSS
CRITICAL
Command Injection
78
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists:
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2004

Demonstration Exploit URLs

The demonstration exploit URLs provided are vulnerable to command injection. An attacker can manipulate the 'location' parameter to execute arbitrary commands on the target system. The exploit attempts to read the '/etc/passwd' file. The null byte (%00) at the end of the parameter is used to bypass input validation and termination. This vulnerability allows an attacker to gain unauthorized access to sensitive information or execute malicious commands.

Mitigation:

To mitigate this vulnerability, ensure that user input is properly validated and sanitized before being used in a command or query. Implement strong input validation mechanisms and avoid using user input directly in commands or queries without proper sanitization. Additionally, consider using parameterized queries or prepared statements to prevent command injection attacks.
Source

Exploit-DB raw data:

Some demonstration exploit URLs are provided: 

/cgi-bin/cgi/tseekdir.cgi?location=/etc/passwd%00
/cgi-bin /tseekdir.cgi?id=799&location=/etc/passwd%00


# milw0rm.com [2004-09-13]

Navigation

Suggest Exploit

Services By CQR