Kootenay Web KW Whois Vulnerability

Vulnerability ID: 1106058
Vulnerability type: Unknown
Published: 2000-10-29
Updated: 2006-09-22
CVE ID: CVE-2000-0941
CNNVD-ID: CNNVD-200012-109
Platform: CGI
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/20370
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200012-109
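|Vulnerability details
The Kootenay Web KW Whois 1.0 CGI program contains a vulnerability. A remote attacker can execute arbitrary commands via shell metacharacters in the "whois" parameter.
|Exploit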
source: http://www.securityfocus.com/bid/1883/info

whois is a utility used to find general information and technical details about registered domain names. A vulnerability exists in Kootenay Web Inc's Whois (release v.1.9), a web interface to whois running on a Linux server.

Due to a failure to properly check user-supplied input to a form variable for shell metacharacters, a malicious remote user can trick the script into executing arbitrary code on the host system. At that point an attacker can gain local shell access to the system with the privileges of the webserver. Further compromise (e.g., root) may follow.

Unsafe code:
$site = $query->param('whois');
....
$app = `whois $site`;
print "$app .......

Proof of concept:
Type ";id" (without the quotes) into the input box.
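
A hardened counterpart to the unsafe backtick call above, as an added example that is not part of the original advisory or the Kootenay Web script. The helper names valid_domain and run_whois, the hostname pattern, the fixed PATH and the error text are assumptions.

```perl
#!/usr/bin/perl
# Added example: replaces  $app = `whois $site`;  with validation plus a
# shell-free invocation. Helper names, pattern and messages are assumptions.
use strict;
use warnings;
use CGI;

# Fixed search path so the whois binary is not resolved via inherited PATH.
$ENV{PATH} = '/usr/bin:/bin';

# Allowlist check: dot-separated labels of letters, digits and hyphens only.
# Shell metacharacters (; | & ` $ and whitespace) are rejected, and a value
# can never start with '-', so it cannot be read as a whois option either.
# \A and \z anchor the whole string, including any trailing newline.
sub valid_domain {
    my ($site) = @_;
    return 0 unless defined $site && length($site) <= 253;
    return $site =~ /\A(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\z/
        ? 1 : 0;
}

# List form of open(): Perl executes whois directly and passes $site as one
# argv element. No shell is involved, so nothing in $site is interpreted.
sub run_whois {
    my ($site) = @_;
    open(my $fh, '-|', 'whois', $site) or die "cannot run whois: $!";
    local $/;                      # slurp the whole response
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

my $query = CGI->new;
my $site  = $query->param('whois');

# text/plain keeps whois output from being rendered as HTML by the browser.
print $query->header(-type => 'text/plain', -charset => 'utf-8');
if (valid_domain($site)) {
    print run_whois($site);
} else {
    print "Invalid domain name.\n";
}
```

Either control alone blocks the ";id" input: validation rejects it, and the list-form open() would hand it to whois as a literal argument rather than to a shell.
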
|References

Source: XF
Name: kw-whois-meta
Link: http://xforce.iss.net/static/5438.php
Source: BID
Name: 1883
Link: http://www.securityfocus.com/bid/1883
Source: BUGTRAQ
Name: 20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Link: http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Source: www.kootenayweb.bc.ca
Link: http://www.kootenayweb.bc.ca/scripts/whois.txt
Source: BUGTRAQ
Name: 20001029 Remote command execution via KW Whois 1.0
Link: http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html