Exploit DNSTools Software DNSTools 1.0.8/1.10 - Input Validation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19786
Проверка EDB
  1. Пройдено
Автор
JONATHAN LETO
Тип уязвимости
REMOTE
Платформа
CGI
CVE
cve-2000-0177
Дата публикации
2000-03-02
DNSTools Software DNSTools 1.0.8/1.10 - Input Validation
Код:
source: https://www.securityfocus.com/bid/1028/info

A vulnerability exists in the 1.0.8 release of DNSTools (labeled on some areas of their site as 1.08), from DNSTools Software. By manipulating the contents of certain post variables, arbitrary code may be executed.

Note that version 1.10 is reportedly still vulnerable. See message from Wolfgang Wiese <[email protected]> in reference section.

The problem stems from the following code:

$host_name = $CGI->param("host_name"); 
$domain_name = $CGI->param("domain_name");

$error_description = ""; 
my $error_code = system("/usr/local/dnstools/delete_mx -d \"$domain_name\" -n \"$host_name\"");

No escaping or input validation is performed. This makes it easy for a would be attacker to execute arbitrary commands, as the user the webserver or cgi-bin is being run as.

The key to this exploit is causing the system() call to execute commands other than the intended one. The following would cause a directory listing: GET /~jed/cgi-bin/test.pl?domain_name=\"\;ls\" HTTP/1.0
 
Источник
www.exploit-db.com

Похожие темы