Home page logo

bugtraq logo Bugtraq mailing list archives

Simple Wais 1.11 allows users to execute commands as SWAIS deamon.
From: "John Thornton" <news () hackersdigest com>
Date: Sat, 29 Jun 2002 17:22:36 -0700

The WAIS (Wide Area Information Service) system is a collection of programs
which provide for convenient information distribution over wide area
Tools for both "publishing" and accessing information sources are provided.
The Simple WAIS (SWAIS) interface is an basic access tool designed for those
focused on data retreival and not computer operation. It provides most of
functionality of the more complicated interfaces but features a simple and
potentially more natural interface.  The functionality supported includes
source selection, keyword entry, and automatic document retrieval.

By default SWAIS will allow you to break out of the restricted mode and let
anyone to execute commands on the OS as the SWAIS Service while performing
searches on the database. For the example we simply enter our search query
with a '| who'.

Getting "Help on database:  1995_public_papers_vol2_text" from
guest       ttyp1       Apr  4 14:23
swais       ttyp2       Jun 29 16:52
Press any key to continue

As you can see we can do everything a local user can. I successfully was
able to compile programs and execute them to exploit the Unix OS with Simple
Wais 1.11 being my only point of entry.

Simple Wais Service is common on college, government and library servers.
The restricted mode provides a sense of security that is easily out witted.

-John Thornton
Editor in Chief
Hacker's Digest Magazine
IRC Network: irc.hackersdigest.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]