GEN:SID | 1:2397 |
Message | WEB-CGI CCBill whereami.cgi access |
Summary | This event is generated when an attacker includes "/whereami.cgi" in a URL, typically aimed at a web server running the CCBill software.
|
Impact | Execution of arbitrary commands.
|
Detailed Information | The CCBill software is available to manage credit card information for UNIX and Windows hosts. The script whereami.cgi is used for technical support of the software. A vulnerability in the whereami.cgi script allows an attacker to execute arbitrary commands by passing a command in a URL of the form whereami.cgi?g=command. Supplied commands can list file names, show the contents of the password file, or install a backdoor, to name a few actions that an attacker may attempt.
|
Affected Systems | Hosts running CCBill software with the whereami.cgi script in the server's CGI path.
|
Attack Scenarios | An attacker can send a request to execute an arbitrary command.
|
Ease of Attack | Simple.
|
Corrective Action | Remove the whereami.cgi script.
|
Additional References | bugtraq http://www.securityfocus.com/bid/8095
|
Rule References | bugtraq: 8095
url: secunia.com/advisories/9191/
|
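To check web server logs for the same activity this rule watches for, the following added example (not part of the original rule documentation) scans Common Log Format lines for requests to whereami.cgi and separates plain access from requests carrying the `g` parameter. The log lines, client addresses and the `/cgi-bin/ccbill/` directory are constructed for illustration, and matching only paths that end in the script name is a choice made here.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format); not from a real host.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/ccbill/whereami.cgi HTTP/1.1" 200 1024
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/ccbill/whereami.cgi?g=CMD_PLACEHOLDER HTTP/1.1" 200 2048
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/ccbill/%77hereami.cgi?G=x HTTP/1.1" 404 0
192.0.2.14 - - [01/Jan/2024:10:00:15 +0000] "GET /docs/whereami.cgi.txt HTTP/1.1" 200 100
"""

# client, method, request target and status from one Common Log Format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def classify(line):
    """Return (client, severity, status) for a whereami.cgi request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    parts = urlsplit(target)
    # Decode percent-escapes and lowercase so encoded or mixed-case paths still match.
    path = unquote(parts.path).lower()
    if not path.endswith("/whereami.cgi"):
        return None  # e.g. /docs/whereami.cgi.txt is not the script itself
    # The page describes the command being passed in the "g" query parameter.
    params = {name.lower() for name in parse_qs(parts.query, keep_blank_values=True)}
    severity = "command-parameter" if "g" in params else "access"
    return client, severity, int(status)


def scan(log_text):
    """Return every whereami.cgi hit found in the log text, in order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, severity, status in scan(SAMPLE_LOG):
        print(f"{client}\t{severity}\tHTTP {status}")
```

A `command-parameter` hit answered with a 200 status means the script is present and was reached, so that host should be checked first and the script removed as described under Corrective Action.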