| VID |
21772 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Looking Glass is vulnerable to a command execution vulnerability via the target parameter. Looking Glass provides a Web interface written a CGI script to various network utilities such as ping, traceroute, and whois. Looking Glass versions 20040427 and 1.0 is vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting attacks and compromise a vulnerable system.
1) Input passed to the "version" array parameter in footer.php and header.php is not properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "target" parameter in lg.php is not properly sanitized before being used in a "system()" call. This can be exploited to inject arbitrary shell commands via e.g. the "|" pipe character.
* References:
http://rgod.altervista.org/lookingglass.html
http://archives.neohapsis.com/archives/bugtraq/2005-08/0381.html
http://de-neef.net/articles.php?id=2&page=1
http://secunia.com/advisories/16607/
* Platforms Affected:
Intermedia Communications (formerly Digex), Looking Glass 20040427
Intermedia Communications (formerly Digex), Looking Glass 1.0
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
Edit the source code to ensure that input is properly sanitized. |
| Related URL |
CVE-2005-2776,CVE-2005-2777 (CVE) |
| Related URL |
14680,14682 (SecurityFocus) |
| Related URL |
22044,22045 (ISS) |
|
