Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: infosrch.cgi 'interactive' shell
From: rpc (rpcINETARENA.COM)
Date: Tue May 23 2000 - 17:11:37 CDT
- Next message: dr_erik_wrightGMX.NET: "CyberCop Monitor NT 2.5"
- Previous message: Vandoorselaere Yoann: "Re: fdmount buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
SGI's security advisory regarding infosrch.cgi minimizes the actual
vulnerability. Not only does it allow you to view any file on the system,
an attacker can easily run arbitrary commands. Attached is a simple perl
script that demonstrates this.
- TEXT/PLAIN attachment: infosh.pl