Multiple Vendor whois CGI元字符漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1105603 漏洞类型 输入验证
发布时间 1999-11-09 更新时间 2006-09-22
CVE编号 CVE-1999-0985 CNNVD-ID CNNVD-199911-033
漏洞平台 CGI CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/20433
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199911-033
|漏洞详情
CCWhois程序whois.cgi存在漏洞。远程攻击者可以通过域入口的shell元字符执行任意命令。
|漏洞EXP
source: http://www.securityfocus.com/bid/2000/info

Whois scripts provide InterNIC lookup services via HTTP. The vulnerable scripts include versions of Matt's Whois and CGI City Whois. Older versions of these fail to filter metacharacters, allowing execution of arbitrary commands by embedding the commands in the domain name to lookup. Specifically, the UNIX command separation character ";" can be used to execute commands. Successful exploitation of this vulnerability would allow an attacker to execute commands with the privileges of the web server process, which could result in retrieval of sensitive information, web defacements, etc. 

Depending on the specific script used, the following syntaxes have been shown to allow intrusion:

1) ;command
2) ";command
3) ;command;
|参考资料
VulnerablesoftwareandversionsConfiguration1OR*cpe:/a:cc:cc_whois:1.0*DenotesVulnerableSoftware*ChangesrelatedtovulnerabilityconfigurationsTechnicalDetailsVulnerabilityType(ViewAll)CVEStandardVulnerabilityEntry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0985