Advisories : Vulnerability in Kootenay Web Inc's KW Whois v1.0

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Vulnerability in Kootenay Web Inc's KW Whois v1.0

Title:	Vulnerability in Kootenay Web Inc's KW Whois v1.0
Released by:	Mark Stratman
Date:	30th October 2000
Printable version:	Click here

Greetings,



There is a vulnerability in Kootenay Web Inc's KW Whois v1.0 which allows

malicious users to execute commands as the uid/gid of the webserver.

The hole lies in unchecked user input via an input form box.

The form element  is not checked by the

script for unsafe characters.

Unsafe code:

$site = $query->param('whois');

....

$app = `whois $site`;

print "$app .......



Proof of concept:

Type ";id" (without the quotes) into the input box.



cheers.

Mark Stratman (count0)

(mstrat1@uic.edu)

http://sporkstorms.org