• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

WebGlimpse Character Filtering Arbitrary Command Execution Vulnerability

WebGlimpse is a web search and index software package. It is maintained by public domain, and licensed by the University of Arizona.

WebGlimpse does not properly sanitize input. By not doing so, it is possible for a remote user to pass arbitrary commands through the web interface to the underlying system. This problem can be exploited through encapsulating arbitrary commands with backquotes (`). This could allow remote command execution with the privileges of the http server process.