|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: infosrch.cgi 'interactive' shell
From: rpc (rpc
INETARENA.COM)Date: Tue May 23 2000 - 17:11:37 CDT
- Next message: dr_erik_wrightGMX.NET: "CyberCop Monitor NT 2.5"
- Previous message: Vandoorselaere Yoann: "Re: fdmount buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello All,
SGI's security advisory regarding infosrch.cgi minimizes the actual
vulnerability. Not only does it allow you to view any file on the system,
an attacker can easily run arbitrary commands. Attached is a simple perl
script that demonstrates this.
--rpc <hckz.org>
- TEXT/PLAIN attachment: infosh.pl
- Next message: dr_erik_wrightGMX.NET: "CyberCop Monitor NT 2.5"
- Previous message: Vandoorselaere Yoann: "Re: fdmount buffer overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]