CGI Generic Command Execution (time-based, intrusive)

high Nessus Plugin ID 51528

Synopsis

It may be possible to run arbitrary code on the remote web server.

Description

The remote web server hosts CGI scripts that seem to fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.

Note that :

- This script uses a time-based detection method that is less reliable than the basic method.

- The method is intrusive and may lock the web server if the web application is allows Command Injection. If this happens, restart the web server.

Solution

Restrict access to the affected application and contact the vendor for a patch or upgrade.

See Also

https://en.wikipedia.org/wiki/Code_injection

http://projects.webappsec.org/w/page/13246950/OS%20Commanding

Plugin Details

Severity: High

ID: 51528

File Name: torture_cgi_command_exec3.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 1/14/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 20, 713, 722, 727, 74, 77, 78, 928, 929