SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   NC Book Vendors:   NetCode
NetCode NC Book Perl-based Guestbook Script Lets Remote Users Execute Commands on the Server
SecurityTracker Alert ID:  1002198
SecurityTracker URL:  http://securitytracker.com/id/1002198
CVE Reference:   CVE-2001-1114   (Links to External Site)
Updated:  Sep 13 2006
Original Entry Date:  Aug 15 2001
Impact:   Execution of arbitrary code via network
Exploit Included:  Yes  
Version(s): 0.2b
Description:   A vulnerability was reported in the NetCode NC Book guestbook software. A remote user can execute arbitrary operating system commands on the server.

The perl-based script allows remote users to execute arbitrary code using the following type of URL request:

http://[targethost]/cgi-bin/ncbook/book.cgi?action=default&current=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10

In the example above, the remote user can retrieve the contents of a directory on the server. It is reported that other commands can also be executed, such as 'cat and 'rm'.

[Editor's Note: The report indicates that the vendor web site is http://netcode.lgg.ru/vault/ncbook/, but we were unable to locate a vendor web page at this site or any other site.]

Impact:   A remote user can execute commands on the server with the privileges of the web server.
Solution:   No solution was available at the time of this entry.
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  NetCode NC Book 0.2b remote command execution vulnerability


* more than 20 servers were successfly cracked 
using this 'little' hole *

------[ PoizonB0x Advisory#6 pb0x-06-08-2001 ]---------

-NAME:
 NetCode NC Book 0.2b remote command execution 
vulnerability.

-DESCRIPTION: 
 NetCode's GuestBook. Find more info about it here:
http://netcode.lgg.ru/vault/ncbook/

-PROBLEM:
 A pretty big hole in the main script of that guestbook 
leads to command execution on the remote server 
running this vulnerable perl script.


-EXPLOIT: 
ex.: http://target/cgi-bin/ncbook/book.cgi?
action=default&current=|ls -
la/|&form_tid=996604045&prev=main.html&list_mess
age_index=10

!The above line if given will output the file contents of 
the kernel dir. Also you can execute any commands 
(ls, cat, rm etc)


-AUTHORs:
 Discovery: digitalseed and ksenor
 Advisory: digitalseed

-DISCLAIMER:
 PoizonB0x may not be held liable for the use or 
potential effects of these programs or advisories, nor 
the content contained within. Use them at your own 
risk.

-COPYRIGHT:
 PoizonB0x Crew - 
 www.poizonb0x.org (c) 2000-2001
  L...Future Security...l

------[ PoizonB0x Advisory#1 pb0x-06-08-2001 ]---------


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC