<plugin_id>37</plugin_id>
<plugin_name>Virgil CGI Scanner 0.x command execution</plugin_name>
<plugin_family>HTTP</plugin_family>
<plugin_created_date>2003/11/14</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/14</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Optimized the trigger pattern to be more accurate in version 1.3. Corrected the plugin structure and added the accuracy values in 1.4. Improved the pattern matching and introduced the plugin changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_exploit>open|send GET /cgi-bin/virgil.cgi?tar=-le/bin/sh HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# 200 *</plugin_procedure_exploit>
<plugin_exploit_accuracy>99</plugin_exploit_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_advisory>http://www.securityfocus.com/archive/1/296635</bug_advisory>
<bug_affected>Virgil CGI Scanner 0.x up to 0.9</bug_affected>
<bug_not_affected>Virgil CGI Scanner newer than 0.9</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>Virgil CGI Scanner is an open-source CGI scanner with web frontend. The software fails to sufficiently sanitize user-supplied input. By passing a malicious value to a CGI variable, it may be possible for a remote attacker to execute arbitrary system commands, with the privileges of the webserver process.</bug_description>
<bug_solution>Upgrade to Virgil CGI Scanner 1.0 or use htaccess authentication for the scanning service.</bug_solution>
<bug_fixing_time>15 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/6031/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>5</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>8</bug_impact>
<bug_risk>7</bug_risk>
<source_securityfocus_bid>6031</source_securityfocus_bid>
<source_secunia_id>7368</source_secunia_id>
<source_literature>Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X</source_literature>
<source_misc>http://www.computec.ch</source_misc>