header-logo
Suggest Exploit
vendor:
Finger Server
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: Finger Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: cpe:a:securityfocus:finger_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001

The Finger Server’ Remote Command Execution

The Finger Server is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking, it is possible for remote unauthenticated users to execute shell commands on the server which will run with the privileges of the webserver. A request like: http://target/finger.cgi?action=archives&cmd=specific&filename=99.10.28.15.23.username.|<shell command>| will cause the server to execute whatever command is specified.

Mitigation:

Input validation should be performed to ensure that user-supplied data is not used to execute arbitrary commands.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/974/info

'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver. 

A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.|<shell command>|
(split for readability)
will cause the server to execute whatever command is specified.

Navigation

Suggest Exploit

Services By CQR