mailing list archives
Simple Wais 1.11 allows users to execute commands as SWAIS deamon.
From: "John Thornton" <news () hackersdigest com>
Date: Sat, 29 Jun 2002 17:22:36 -0700
The WAIS (Wide Area Information Service) system is a collection of programs
which provide for convenient information distribution over wide area
Tools for both "publishing" and accessing information sources are provided.
The Simple WAIS (SWAIS) interface is an basic access tool designed for those
focused on data retreival and not computer operation. It provides most of
functionality of the more complicated interfaces but features a simple and
potentially more natural interface. The functionality supported includes
source selection, keyword entry, and automatic document retrieval.
By default SWAIS will allow you to break out of the restricted mode and let
anyone to execute commands on the OS as the SWAIS Service while performing
searches on the database. For the example we simply enter our search query
with a '| who'.
Getting "Help on database: 1995_public_papers_vol2_text" from
guest ttyp1 Apr 4 14:23
swais ttyp2 Jun 29 16:52
Press any key to continue
As you can see we can do everything a local user can. I successfully was
able to compile programs and execute them to exploit the Unix OS with Simple
Wais 1.11 being my only point of entry.
Simple Wais Service is common on college, government and library servers.
The restricted mode provides a sense of security that is easily out witted.
Editor in Chief
Hacker's Digest Magazine
IRC Network: irc.hackersdigest.com