Penetration test requested!

On

formatting link
there is a big Jamba advertisement, if I watch it with my browser.

Ah. This happens, when I click on the link to http://83.171.225.52/

For example, what happens, if input name="host" contains a string in backquotes. Are you cutting these away, or is the result executed in any way?

BTW: it's unnecessary to add the hostname within an input tag again. And: Your site is not valid HTML:

formatting link
Yours, VB.

Reply to
Volker Birk

This sounds like you're vulnerable. DIR is an internal command of CMD.EXE, try http://dell/cgi-bin/index.pl?select=`cmd.exe /c dir` or try a path in front of the command.

formatting link
Thanks, but it's ok, the page works exactly as I want it :-)

Yes. It's just not HTML, though. And not every browser will display it as you want it.

Yours, VB.

Reply to
Volker Birk

In Message-ID: posted on 24 Aug 2005 00:12:20 +0200, Volker Birk wrote: Begin

My browser (Opera behind Proxomitron) doesn't show much at all, the kind of site I usually just ignore when looking for something.

Reply to
Bart Bailey

Just try http://dell/cgi-bin/index.pl?select=`cmd.exe`

Yours, VB.

Reply to
Volker Birk

No such file or directory at D:\\www\\cgi-bin\\index.pl line 37.

Reply to
Nicky
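
Added example, not part of the original thread and not the code of the site under discussion: one way a Perl CGI script can treat a `host` parameter so that backquoted input, as asked about above, is rejected and never reaches a command interpreter. The function names, the `nslookup` call and the `RUN_LOOKUP` switch are assumptions made for illustration; the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist grammar: dotted labels of letters, digits and hyphens (this also
# covers dotted IPv4). Backquotes, spaces, ';', '&', '|' and every other
# shell metacharacter fall outside it, as does a leading '-'.
my $LABEL = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;

# Return the validated host name, or undef if the input must be rejected.
# Returning the regex capture is also the idiom that untaints under perl -T.
sub validate_host {
    my ($raw) = @_;
    return undef unless defined $raw && length($raw) <= 253;
    return $raw =~ /\A($LABEL(?:\.$LABEL)*)\z/ ? $1 : undef;
}

# Run the lookup without a shell. The "system { PROGRAM } LIST" form passes
# each argument as-is and never falls back to a command interpreter.
# 'nslookup' is a placeholder for whatever tool a script like this wraps.
sub lookup {
    my ($host) = @_;
    return system { 'nslookup' } 'nslookup', $host;
}

# Constructed sample inputs, including the backquoted strings from the thread.
for my $input ('example.org', '83.171.225.52', '`cmd.exe /c dir`',
               '`cmd.exe`', 'host; dir', '-option', '') {
    my $host = validate_host($input);
    printf "%-20s => %s\n", "[$input]",
        defined $host ? "accepted: $host" : 'rejected';
    # Hypothetical switch: only run the external tool when asked to.
    lookup($host) if defined $host && $ENV{RUN_LOOKUP};
}
```

Only the first two inputs are accepted; validation happens before any process is started, and the list form of `system` keeps an accepted value from being reinterpreted by a shell.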
