=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Вс, 26 дек 1999  13:04:59

   От: "Cody T. - hhp" <hhp@HHP.PERLX.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: WebWho+ ADVISORY

--------------------------------------------------------------------------------




              WebWho+ - ADVISORY.

                 hhp-ADV#13

            11/26/99 2:48:03am CST

                By: loophole

    hhp@hhp.perlx.com - http://hhp.perlx.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

What?: Hole in WebWho+, a whois cgi.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Version(s)?: v1.1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit!:

WebWho+ v1.1  checks  for  shell escape

characters  in its 'command' parameter,

but what keeps us from changing the pre

seleted, default TLD options.



WebWho+ v1.1 does NOT check for shell

espace  characters in its 'type'(TLD)

peremeter  which  is  what  is  being

exploited.



The exploit is available to download via:

http://hhp.perlx.com/ourexploits/hhp-webwho.pl

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix?:

Download a secure, shell espace character

parsing  whois  common  gateway interface

from:

http://cgi.resourceindex.com/Programs_and_

Scripts/Perl/Internet_Utilities/Whois/



Read:

http://hhp.perlx.com/ouradvisories/hhp-Whois.txt

before deciding which is secure.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Shouts to all of hhp.

9d9->2t0(Boom/Repair/Glory);

------------------------------------------------