7 lines
No EOL
494 B
Text
7 lines
No EOL
494 B
Text
source: http://www.securityfocus.com/bid/152/info
|
|
|
|
A vulnerability exists in the WWW Authorization Gateway program written by Ray Chan. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a command. As a result, an attacker can utilize certain characters to execute arbitrary commands on a system remotely, as whatever user invoked the cgi-bin.
|
|
|
|
Place the following as a username:
|
|
| some command
|
|
and any password. The command will be executed. |