Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: httpd80.htm

WebWho+ (a whois cgi) shell escape characters vulnerability

    WebWho+ (a whois cgi)


    Those using WenWho+ v1.1


    Following is based on hhp-ADV#13.   WebWho+ v1.1 checks for  shell
    escape characters  in its  'command' parameter, but what keeps  us
    from changing the pre seleted, default TLD options.  WebWho+  v1.1
    does NOT  check for  shell espace   characters in  its 'type'(TLD)
    peremeter which is what is being exploited.

    The exploit is available to download via:

    Download a  secure, shell  espace character  parsing whois  common
    gateway interface from:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH