root command execution with nmap scan
Brought to you by: greg_k, mjbrenegan
The IP address input field for an nmap scan is vulnerable and can be used to take over the server that is used for nmap scans.
By entering a command after the IP address, the command will be executed as root by cron.
IP address example: 192.168.2.1 | shutdown
will shut down the server
IP address example: 1.1.1.1 | touch /root/blah.tst
creates file blah.tst
Tested on FreeBSD 7.2 with Inprotect 1.00 final and DEV-Inprotect2 (latest available on 26-11-2009).
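
One way to close this class of bug, as an added example that is not part of the original report and not Inprotect's own code: parse the submitted scan target strictly as an IPv4 address or network before it is stored, parse it again in the job that cron runs, and hand it to nmap as a separate argument so that no shell ever interprets it. The function names, the nmap path and the choice of Python are assumptions made for illustration.

```python
import ipaddress
import subprocess

NMAP = "/usr/local/bin/nmap"  # assumed install path on the scan host


def parse_target(raw):
    """Return a canonical IPv4 address or CIDR network, or raise ValueError.

    Anything that is not exactly one address or one network is refused:
    pipes, semicolons, spaces inside the value, hostnames, option-like text.
    """
    candidate = raw.strip()
    try:
        if "/" in candidate:
            return str(ipaddress.IPv4Network(candidate, strict=False))
        return str(ipaddress.IPv4Address(candidate))
    except ValueError:
        # AddressValueError and NetmaskValueError are ValueError subclasses.
        raise ValueError("rejected scan target: %r" % (raw,)) from None


def build_nmap_argv(raw):
    """Build the argument vector for the scan.

    The target is re-validated here, at the point of use, because the cron
    job must not trust what the web form stored earlier.
    """
    target = parse_target(raw)
    # "-sT" (TCP connect scan) is only a sample option for this sketch.
    return [NMAP, "-sT", target]


def run_scan(raw):
    """Run nmap without a shell: the target is one argv element, never
    a fragment of a command line that /bin/sh would split on '|'."""
    argv = build_nmap_argv(raw)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=3600, check=False)


if __name__ == "__main__":
    # Constructed inputs: one valid target and the two values from the report.
    for value in ("192.168.2.1", "192.168.2.1 | shutdown",
                  "1.1.1.1 | touch /root/blah.tst"):
        try:
            print("accepted:", build_nmap_argv(value))
        except ValueError as err:
            print(err)
```

Validation alone fixes the reported inputs; building an argument vector instead of a command string keeps the scan safe even if a validation gap is found later.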