Full Disclosure
mailing list archives
perl pipe shell exploit
From: Marshall Whittaker <marshallwhittaker () gmail com>
Date: Sat, 15 Oct 2011 18:43:20 -0300
This works off the perl pipe read bug, you can just input the first and
second parts of the web address (with http:// included) and it'll drop you
at a shell. When using cd you must use the absolute path because I was too
lazy to do it the correct way. ;-). I know this is pretty easy stuff, it
works off those vulns that can just be exploited with a web browser, but
this gives you a shell. So have at it guys & gals! Exploit is attached.
Site:
http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=stats/1966vinmatrix.htm&desc=Stat+File
Usage: ./sublime.pl "http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=" "&desc=Stat+File"
Should work on most perl cgi scripts that are vulnerable to | read bug.
Please note, it's not a "real" shell, but almost everything works, except
things that won't go in one instance like cd-ing and env vars, etc.
Play nice!
--oxagast
Attachment:
sublime.pl
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
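The "| read bug" named in the post is Perl's two-argument open(), where the string itself selects the mode and a value ending in "|" is run as a command. The following is an added example for defenders, not part of the post or of sublime.pl: a hardened open routine for a CGI "filename" parameter. The base directory, the sub name open_stats_file and the allowlist pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: hardened handling of a CGI "filename" parameter.
use strict;
use warnings;
use File::Spec;
use Cwd qw(realpath);

# Assumption: the directory is fixed server-side, never taken from the request.
my $BASE_DIR = '/var/www/stats';    # hypothetical path

# The risky pattern is two-argument open() on request data:
#     open(FH, $filename);    # the string picks the mode; trailing "|" = pipe
#
# open_stats_file returns a read-only handle, or nothing if the name is rejected.
sub open_stats_file {
    my ($name, $base) = @_;
    $base = $BASE_DIR unless defined $base;
    return unless defined $name;

    # Allowlist: one path component, [A-Za-z0-9_-], fixed extension.
    # This excludes "|", "<", ">", "/", whitespace and NUL by construction.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.html?)\z/;
    my $safe = $1;                  # the capture also untaints under -T

    my $root = realpath($base);
    return unless defined $root;
    my $path = realpath(File::Spec->catfile($root, $safe));

    # Reject symlinks or anything else that resolves outside the base directory.
    return unless defined $path && index($path, "$root/") == 0;

    # Three-argument open: the mode is explicit, $path is only ever a file name.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample inputs, to show which names are accepted.
for my $candidate ('1966vinmatrix.htm', 'stats/1966vinmatrix.htm', 'report.htm|') {
    my $fh = open_stats_file($candidate);
    printf "%-26s %s\n", $candidate, $fh ? 'opened' : 'rejected';
    close $fh if $fh;
}
```

Running CGI scripts with `perl -T` (taint mode) makes the interpreter refuse request data in open() until it has passed through a pattern match like the one above.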