[26430] in bugtraq
Bug in Eupload
daemon@ATHENA.MIT.EDU ([Zero_Byte])
Wed Jul 31 01:05:41 2002
Date: Tue, 30 Jul 2002 20:16:44 -0300
From: "[Zero_Byte]" <zero_byte@interlap.com.ar>
Reply-To: "[Zero_Byte]" <zero_byte@interlap.com.ar>
Message-ID: <618633860.20020730201644@interlap.com.ar>
To: BugTraq <bugtraq@securityfocus.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------D4C1197DF955CB"
------------D4C1197DF955CB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
People,
Hi! I found a bug in the Eupload CGI, and I written a little
paper with the explanation, explotation and solution.
In fact everything would be solved with making chmod "0", but in
the 90% it is not used; reason why it is easily exploitable.
I hope they enjoy it.
P.S: I apologize for my poor English; I am Argentinean and
I don't use it very well.
Greetings
Zero_Byte mailto:zero_byte@interlap.com.ar
------------------------------------
[Zero_Byte] zerobyte@agujero.com
El Agujero Negro. Secretos en la red.
==> http://agujero.com <==
------------------------------------
http://listas.agujero.com/lista/oscuro/alta
SUSCRIBETE!
------------D4C1197DF955CB
Content-Type: text/plain; name="Bug in Eupload.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Bug in Eupload.txt"
ICAgICAgICAgICAgICAgICAgICAgICAgICAgDQogICAgICAgICAgICAgICAgICAgICAgICAgICAg
IEJ1ZyBpbiBFdXBsb2FkIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIC0tLS0tLS0tLS0t
LS0tLS0tDQogICAgICAgICAgICAgICAgICB8IEJ5IFplcm9fQnl0ZSB8fCB6ZXJvX2J5dGVAYmln
Zm9vdC5jb20gfA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgSUNRIyA5ODE3Nzc4MSB8
DQoNCg0KDQoxLjEgLSBbIFdoYXQgaXMgRXVwbG9hZD8gXSANCg0KICAgICAgIEV1cGxvYWQsIGlz
IGFuIHdlYiB1dGlsaXR5IHVzZWQgdG8gZmFjaWxpdGF0ZSB0aGUgdXBkYXRlIG9mIHdlYiBzaXRl
cw0KYnkgbWVhbnMgb2Ygc2NyaXB0cyBDR0kuIFRoaXMgdG9vbCBhbGxvd3MgdGhlIGFzY2VudCBv
ZiBmaWxlcyB0byB0aGUgc2VydmFudCBieSANCm1lYW5zIG9mIGFuIHdlYiBpbnRlcmZhY2UuIA0K
VGhlIGFkbWluaXN0cmF0b3JzIGNhbiBjb25maWd1cmUgdGhlIHNjcmlwdCB0byBjcmVhdGUgZGlm
ZmVyZW50IHVzZXJzICANCnRoYXQgdGhleSBjYW4gdXNlIHRoZSB1cGxvYWQuICANClRoaXMgdG9v
bCBpcyBpZGVhbCBmb3IgdGhlIGFkbWluaXN0cmF0b3IgdGhhdCB3YW50cyB0byBhbGxvdyB0aGUg
dXNlcnMgdG8gZ28gdXAgDQpmaWxlcyB0byB0aGUgc2VydmVyLCB3aXRob3V0IHRoZSBuZWNlc3Np
dHkgb2YgY3JlYXRpbmcgbmV3IEZUUCBhY2NvdW50cy4gDQoNCg0KDQoxLjQgLSBbIEN1cnJlbnQg
dmVyc2lvbnMgXSANCg0KICAgICAgIFRoZSBjdXJyZW50IHZlcnNpb24gaXMgMS4wLiANCg0KDQoN
CiAgICAgICAgICAgICAgICAgICA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9PSA9
PSA9PSA9PSANCg0KDQoyIC0gWyBCdWcgXSANCg0KDQoyLjEgLSBbIEV4cGxhbmF0aW9uIF0gDQoN
CiAgICAgICBUaGUgYnVnIGlzIGluIHRoZSBmaWxlICdwYXNzd29yZC50eHQnLCB3aGljaCBpcyB0
aGUgZmlsZSANCnRoYXQgaGUga2VlcHMgYWxsIHRoZSB1c2VycyBhbmQgdGhlaXIgcmVzcGVjdGl2
ZSBwYXNzd29yZHMsIHRvZ2V0aGVyIHdpdGggDQp0aGUgZGlyZWN0b3J5IHdlcmUgZWFjaCB1c2Vy
IGNhbiB3b3JrLiANClRoaXMgZmlsZSBvbmNlIGNyZWF0ZWQgd2l0aCBhbGwgdGhlIGRhdGEgaXMg
c3RvcmVkIGluIHRoZSBzYW1lIGRpcmVjdG9yeSANCnRoYXQgdGhlIENHSSBhbmQgYWxsIHRoZSBp
bmZvcm1hdGlvbiBpcyBrZXB0IGluIHBsYW5lIHRleHQuIA0KVGhpcyBpcyBhIHZlcnkgc2VyaW91
cyBwcm9ibGVtIHNpbmNlIGl0IGlzIHZlcnkgZWFzeSBvd24gdGhlIHNlcnZpY2UgYW5kIGluIA0K
Y29uc2VxdWVuY2UsIHRoZSBlYXNpbmVzcyBvZiBiZWluZyBhYmxlIHRvIHJlcGxhY2UgYW55IGZp
bGUgb2YgdGhlIHNpdGUuIA0KDQoNCg0KMyAtIFsgRXhwbG9pdGF0aW9uIF0gDQoNCiAgICAgVGhl
IGV4cGxvaXRhdGlvbiBpcyB2ZXJ5IHNpbXBsZSBiZWNhdXNlIHRoZSBwcmV2aW91c2x5IG1lbnRp
b25lZCBidWcgDQppdCBkb2Vzbid0IG5lZWQgb2YgbWFueSBtYW5ldXZlcnMgdG8gYmUgYWJsZSB0
byBiZSBleHBsb2l0ZWQuIA0KVGhlIGFjY2VzcyB0byB0aGUgZmlsZSBjYW4gYmUgdGhyb3VnaCB0
aGUgYnJvd3Nlciwgd2hpY2ggdmlzdWFsaXplcyBldmVyeXRoaW5nIA0KY29ycmVjdGx5LiANCk9u
Y2Ugd2UgZ2V0IHRoZSBsb2dpbiBhbmQgdGhlIHBhc3MsIHdlIHByb2NlZWQgdG8gbG9nIG9uIGlu
dG8gdGhlIHRvb2wuIA0KDQoNCg0KNCAtIFsgU29sdXRpb24gXSANCg0KICAgICBDaGFuZ2UgdGhl
IG5hbWUgb2YgdGhlIGZpbGUgJyBwYXNzd29yZC50eHQnIGFuZCBjaGFuZ2UgdGhlIGZvbGxvd2lu
ZyANCmNvbmZpZ3VyYXRpb24gaW4gdGhlIGZpbGUgJ3VwbG9hZC5jZ2knOiANCm15ICRQQVNTV09S
RF9GSUxFID0gJERBVEFfRElSLiAnIFBBU1NXT1JELlRYVCcgDQoNCldoZXJlICdwYXNzd29yZC50
eHQnIGlzIHRoZSBuYW1lIHRoYXQgd2Ugd2lsbCBjaGFuZ2UsIGZvciB0aGUgbmV3IG9uZSB0aGF0
IHdlIA0KaGF2ZSBjcmVhdGVkLiAgDQogIA0KDQoNCnwgWmVyb19CeXRlIHx8IHplcm9fYnl0ZUBi
aWdmb290LmNvbSB8fCBJQ1EjIDk4MTc3NzgxIHw=
------------D4C1197DF955CB--
