GEN:SID 1:2396
Message WEB-CGI CCBill whereami.cgi arbitrary command execution attempt
Summary This event is generated when an attacker attempts to execute an arbitrary command on a web server running the CCBill software.
Impact Execution of arbitrary commands.
Detailed Information The CCBill software is available to manage credit card information for UNIX and Windows hosts.  The script whereami.cgi is used for technical support of the software.  A vulnerability exists in the whereami.cgi script that allows the execution of arbitrary commands from an attacker who passes a command via whereami.cgi?g=command format in a URL.  Supplied commands can list file names, show the contents of the password file, or install a backdoor to name a few actions that an attacker may attempt.
Affected Systems Hosts running CCBill software that has the whereami.cgi in the server's CGI path.
Attack Scenarios An attacker can send a request to execute an arbitrary command.
Ease of Attack Simple.
Corrective Action Remove the whereami.cgi command.
Additional References bugtraq
http://www.securityfocus.com/bid/8095
Rule References bugtraq: 8095
url: secunia.com/advisories/9191/