Plugin ID | 37 |
Plugin name | Virgil CGI Scanner 0.x command execution |
Plugin filename | Virgil CGI Scanner command execution.plugin |
Plugin filesize | 2921 bytes |
Plugin family | HTTP |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2003/11/14 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/14 |
Plugin version | 2.0 |
Plugin changelog | Optimized the trigger pattern to be more accurate in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and introduced the plugin changelog in 2.0. |
Plugin protocol | tcp |
Plugin port | 80 |
Plugin procedure exploit | open|send GET /cgi-bin/virgil.cgi?tar=-le/bin/sh HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 * |
Plugin exploit accuracy | 99 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug advisory | http://www.securityfocus.com/archive/1/296635 |
Bug affected | Virgil CGI Scanner 0.x up to 0.9 |
Bug not affected | Virgil CGI Scanner newer than 0.9 |
Bug vulnerability class | Configuration |
Bug description | Virgil CGI Scanner is an open-source CGI scanner with a web frontend. The software fails to sufficiently sanitize user-supplied input. By passing a malicious value to a CGI variable, a remote attacker may be able to execute arbitrary system commands with the privileges of the web server process. |
Bug solution | Upgrade to Virgil CGI Scanner 1.0 or use htaccess authentication for the scanning service. |
Bug fixing time | 15 minutes |
Bug exploit availability | Yes |
Bug exploit url | http://www.securityfocus.com/bid/6031/exploit/ |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 5 |
Bug simplicity | 7 |
Bug impact | 8 |
Bug risk | 7 |
Source SecurityFocus BID | 6031 |
Source Secunia ID | 7368 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://www.computec.ch |