| VID | 21209 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The directory.php script, developed by Marcus S. Xenakis, could allow a remote attacker to execute shell commands on the system. The script provides a web interface for directory listings, similar to the 'ls' command. An issue in the script could allow a remote user to execute arbitrary shell commands by including metacharacters such as ; or | in the script's input. The shell commands execute with the permissions of the script process, often the non-privileged user 'nobody'. You can test for this problem from a web browser with the following requests:
http://www.vulnerableserver.com/directory.php?dir=%3Bmore%20/etc/passwd shows the password file.
http://www.vulnerableserver.com/directory.php?dir=%3Bps+-aux shows all running processes.
* References: http://online.securityfocus.com/bid/4278 http://www.iss.net/security_center/static/8440.php |
| Recommendation | No remedy available as of June 2014. Disable the 'directory.php' script until a fix is provided. |
| Related URL | CVE-2002-0434 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
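
Added example, not part of the original advisory: a log check that flags requests to directory.php whose decoded dir parameter contains shell metacharacters, useful for finding out whether the script was probed before it was disabled. It assumes a Common Log Format access log; the sample lines are constructed, and every metacharacter beyond ; and | is an assumption that generalizes the two the description names.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Client address and request target of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# ';' and '|' are the metacharacters the advisory names; the others are an
# assumption covering further shell separators and substitutions.
SHELL_META = set(";|&`$()<>\n\r")
SCRIPT = "directory.php"
PARAM = "dir"

# Constructed sample log lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2002:10:00:01 +0000] "GET /directory.php?dir=images/2002 HTTP/1.0" 200 812',
    '192.0.2.10 - - [10/Mar/2002:10:00:05 +0000] "GET /directory.php?dir=%3Bmore%20/etc/passwd HTTP/1.0" 200 1432',
    '192.0.2.10 - - [10/Mar/2002:10:00:09 +0000] "GET /directory.php?dir=%3Bps+-aux HTTP/1.0" 200 5120',
    '198.51.100.7 - - [10/Mar/2002:10:02:00 +0000] "GET /cgi/Directory.php?dir=%253Bps+-aux HTTP/1.0" 200 5120',
    '198.51.100.7 - - [10/Mar/2002:10:02:04 +0000] "GET /index.php?dir=%3Bps+-aux HTTP/1.0" 404 209',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253B is treated like %3B."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, decoded dir value) for directory.php requests carrying shell metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        target = urlsplit(m.group("target"))
        if target.path.rsplit("/", 1)[-1].lower() != SCRIPT:
            continue  # a different script
        for raw in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if SHELL_META & set(value):
                hits.append((m.group("client"), value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\tdir={value!r}")
```

A match shows only that the request was made; whether the command ran depends on the script still being enabled at that time.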