<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: WWW Authorization Gateway

WWW Authorization Gateway

From: Albert Nubdy <formatez_at_EDUREDES.EDU.DO>
Date: Wed, 8 Jul 1998 20:08:49 -0400

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

I have discovered a problem in the WWW Authorization Gateway 0.1
By Ray Chan From West's Perl Archive. This CGI Lets users grant or
deny access tosome pages. You can Execute any command you please with
it.
That is because of this little line: "$info = `grep $DATA{"user"}
$passurl`;".

To exploit You would just have to put:
"| any command you would like" as a Username and any password.

FormateZ

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBNaQxceUnuPHnmgTPEQL1fACaAr/WMae2qu78PwrG9orZNc4jvCEAoO3R
FC/KpjgPjJrHSSyhVPSe6w87
=hyj4
-----END PGP SIGNATURE-----
Received on Jul 09 1998

This message: [ Message body ]
Next message: mib_at_DEAKIN.EDU.AU: "Re: Sun libnsl lameness"
Previous message: Lloyd Vancil: "notes on Port scanning"
In reply to: Andrew Pimlott: "Re: ePerl: bad handling of ISINDEX queries"
Next in thread: Tiago Luz Pinto: "Re: ePerl: bad handling of ISINDEX queries"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos