Arbitrary Shell Command Execution in MyQuiz
Summary
- Vulnerability
- Arbitrary Shell Command Execution in MyQuiz
- Discovered
- 2006.02.03
- Last Update
- 2006.02.06 Solution added
- ID
- EV0057
- CVE
- CVE-2006-0628
- Risk Level
- high
- Type
- Command Execution
- Status
- Patched
- Vendor
- n/a
- Vulnerable Software
- MyQuiz (http://www.corantodemo.net/)
- Version
- 1.01
- PoC/Exploit
- Available
- Solution
- Available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
Command Execution found in MyQuiz (http://www.corantodemo.net/) script.
Vulnerable Script: myquiz.pl
Variable $ENV{'PATH_INFO'} isn't properly sanitized. This can be used to execute arbitrary commands.
System access is possible.
PoC/Exploit
Url Example:
http://host/cgi-bin/myquiz.pl/ask/;command|
Solution.
Vendor-provided solution is available now.
New version of script can be downloaded here:
http://www.corantodemo.net/coranto/viewnews.cgi?id=EpApAAAVkyirPGThSf&style=dldetails