CCBill's whereami.cgi vunerable to remote

malicious attackers can run arbitrary commands on your servers if you are using ccbill.

A vulnerability has been reported in CCBill whereami.cgi, which can be exploited by malicious people to compromise a vulnerable system. It is possible to supply system commands to the "g" parameter, which allows execution of arbitrary commands with the privileges of the web service.

you can safely delete whereami.cgi without effecting the way the site or ccbill's software works

webair techs have already disabled it on all managed servers and virtual servers, and we recommend anyone else do the same

more info
http://www.secunia.co.uk/advisories/9191/
http://www.securitytracker.com/aler...ul/1007100.html

and you can call ccbill to confirm i guess

 

 

 

 

Top