
Title: Vulnerability in Kootenay Web Inc's KW Whois v1.0
Released by: Mark Stratman
Date: 30th October 2000
Greetings,



There is a vulnerability in Kootenay Web Inc's KW Whois v1.0 which allows malicious users to execute commands as the uid/gid of the webserver.

The hole lies in unchecked user input via an input form box. The form element is not checked by the script for unsafe characters.

Unsafe code:

$site = $query->param('whois');
....
$app = `whois $site`;
print "$app .......



Proof of concept:

Type ";id" (without the quotes) into the input box.



cheers.

Mark Stratman (count0)

(mstrat1@uic.edu)

http://sporkstorms.org
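
Added example, not part of the original advisory and not Kootenay Web's code: one way to close the hole described above is to allow-list the 'whois' parameter and run the lookup without a shell. The sub names valid_domain, run_whois and html_escape and the sample inputs are constructed for illustration; it assumes a whois binary on the PATH.

```perl
#!/usr/bin/perl
# Added example, not KW Whois code: validate the 'whois' parameter and run
# the lookup without a shell. Sub names and sample inputs are constructed.
use strict;
use warnings;

# Allow-list check: dot-separated labels of letters, digits and hyphens only.
# Returns the validated name, or undef if anything else is present.
sub valid_domain {
    my ($input) = @_;
    return undef unless defined $input && length($input) <= 253;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $input =~ /\A($label(?:\.$label)*)\z/ ? $1 : undef;
}

# List-form pipe open hands the arguments straight to exec, so no shell
# ever parses the value (unlike the backticks in the unsafe code).
sub run_whois {
    my ($domain) = @_;
    open(my $fh, '-|', 'whois', $domain) or die "cannot run whois: $!\n";
    local $/;                      # slurp the whole output
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

# Escape the result before it is printed into the HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

# In the CGI script this would replace  $app = `whois $site`;
#   my $site = valid_domain(scalar $query->param('whois'));
#   my $app  = defined $site ? html_escape(run_whois($site)) : 'Invalid domain name';

# Constructed sample inputs, including the advisory's proof-of-concept string.
for my $input ('example.com', 'sub.example.org', ';id', 'example.com;id', '-h') {
    printf "%-16s %s\n", $input, defined(valid_domain($input)) ? 'accepted' : 'rejected';
}
```

The validator anchors with \A and \z rather than ^ and $, so a value with a trailing newline is rejected, and the leading-alphanumeric rule keeps the value from being read as a whois option.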







