Message-ID: <CACQ_HNpMjQQwTV=S+rYY4qGsq8jArUmuOZnQpYr9K0WNZpPuGg@mail.gmail.com>
Date: Sat, 15 Oct 2011 18:43:20 -0300
From: Marshall Whittaker <marshallwhittaker@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: perl pipe shell exploit

This works off the Perl pipe read bug; you can just input the first and
second parts of the web address (with http:// included) and it'll drop you
at a shell.  When using cd you must use the absolute path because I was too
lazy to do it the correct way. ;-).  I know this is pretty easy stuff, it
works off those vulns that can just be exploited with a web browser, but
this gives you a shell.  So have at it guys & gals!  Exploit is attached.

Site:
http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=stats/1966vinmatrix.htm&desc=Stat+File
Usage: ./sublime.pl "http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=" "&desc=Stat+File"

Should work on most Perl CGI scripts that are vulnerable to the | read bug.
Please note, it's not a "real" shell, but almost everything works, except
things that won't go in one instance like cd-ing and env vars, etc.

Play nice!

--oxagast

Download attachment "sublime.pl" of type "application/octet-stream" (1671 bytes)
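
For anyone auditing CGI scripts for the pipe read bug the post refers to, here is an added example (not part of the original post or its attachment) of the risky two-argument open() pattern next to a hardened read routine. The sub name safe_read, the temporary base directory and the sample file names are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: safe handling of a CGI "filename" parameter.
# All names and paths below are hypothetical / constructed.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Risky pattern, shown only as a comment: with two-argument open the
# value itself selects the mode, so a leading or trailing "|" makes
# Perl run a command instead of reading a file.
#   open(FH, $filename);

# Hardened: allowlist the name, pin it under a base directory, and use
# three-argument open so the mode is always "<".
sub safe_read {
    my ($base, $name) = @_;
    # Each path segment must start with an alphanumeric or "_", which
    # rules out "|", shell metacharacters, absolute paths and "..".
    # \A and \z are used so a trailing newline cannot slip through.
    my $seg = qr{[A-Za-z0-9_][A-Za-z0-9_.-]*};
    return (undef, 'rejected')
        unless defined $name && $name =~ m{\A$seg(?:/$seg)*\z};
    my $path = File::Spec->catfile($base, $name);
    open(my $fh, '<', $path) or return (undef, "open failed: $!");
    local $/;                       # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return ($data, 'ok');
}

# Constructed sample tree so the script runs offline.
my $base = tempdir(CLEANUP => 1);
mkdir(File::Spec->catdir($base, 'stats')) or die "mkdir: $!";
open(my $out, '>', File::Spec->catfile($base, 'stats', 'sample.htm'))
    or die "create: $!";
print {$out} "<p>constructed sample</p>\n";
close $out;

# Constructed inputs: one legitimate name and three that must be refused.
for my $name ('stats/sample.htm', 'stats/sample.htm|',
              '|stats/sample.htm', '../stats/sample.htm') {
    my ($data, $status) = safe_read($base, $name);
    printf "%-22s %s\n", $name, $status;
}
```

Only the first input is read; the other three are refused before open() is reached, and even if the allowlist were loosened the explicit "<" mode would treat a "|" as part of a literal file name.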
