[ SOURCE: http://www.secureroot.com/security/advisories/9735757733.html ]

Greetings,

There is a vulnerability in Kootenay Web Inc's KW Whois v1.0 which allows malicious users to execute commands as the uid/gid of the webserver.

The hole lies in unchecked user input via an input form box. The form element is not checked by the script for unsafe characters.

Unsafe code:

    $site = $query->param('whois');
    ....
    $app = `whois $site`;
    print "$app .......

Proof of concept:
Type ";id" (without the quotes) into the input box.

cheers.

Mark Stratman (count0) (mstrat1@uic.edu)
http://sporkstorms.org
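
A hardened form of the lookup described above, as an added example (not code from the advisory or from KW Whois): it validates the form value as a hostname and runs whois without a shell. The names valid_domain, run_whois and html_escape and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: hardened replacement for the backtick call in the advisory.
use strict;
use warnings;

# One DNS label: letters, digits, inner hyphens, 1-63 characters.
my $LABEL = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# Allow-list check: only dot-separated labels pass, so ';', '|', '`', '$',
# whitespace and a leading '-' (option injection) are all rejected.
sub valid_domain {
    my ($s) = @_;
    return 0 unless defined $s && length($s) <= 253;
    return $s =~ /\A$LABEL(?:\.$LABEL)*\z/ ? 1 : 0;
}

# Run whois with the list form of a pipe open: the program is exec'd
# directly with $site as a single argument and no shell ever parses it.
sub run_whois {
    my ($site) = @_;
    return unless valid_domain($site);
    open(my $fh, '-|', 'whois', $site) or return;
    local $/;                       # slurp the whole reply
    my $out = <$fh>;
    close $fh;
    return $out;
}

# whois replies are remote data; encode them before printing into HTML.
sub html_escape {
    my ($t) = @_;
    my %e = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $t =~ s/([&<>"])/$e{$1}/g;
    return $t;
}

# Constructed sample inputs; ';id' is the value from the advisory.
# Only validation runs here, so the demo needs no network access.
for my $in ('example.com', 'sub.example.org', ';id', 'example.com;id',
            '-example.com', 'example.com extra') {
    printf "%-20s %s\n", "[$in]", valid_domain($in) ? 'accepted' : 'rejected';
}
```

In the CGI script, run_whois($query->param('whois')) would replace the backtick call, and its result would pass through html_escape before being printed.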