source: wwwsecurityfocuscom/bid/892/info
WebWho+ is a free cgi script written by Tony Greenwood for executing whois queries via the www Though it does perform checks for shell escape characters on some parameters, it misses the 'type' variable and allows for malicious input to be sent to a shell It is possible to execute arbitrary comma ...