Bugtraq mailing list archives
GOBBLES CGI MARATHON #003
From: "bugtraq" <bugtraq () bugtraq org>
Date: Wed, 26 Dec 2001 01:29:03 GMT
PRODUCT*******
AdStreamerhttp://www.sha-la-la.com/adstreamer/
DESCRIPTION***********
This software have many an open call that can exploited with Perl trickslike ../, %00, |, etc.
bash-2.05$ egrep 'open|system|exec|eval' *.cgi addbanner.cgi:# This script is apart of the Banner Manager system. It will add banners addbanner.cgi:open(HEADERFILE, "banner/$thebannercat.dat") || die("error opening the file $thebannercat.dat"); addbanner.cgi:open(HEADERFILE, ">banner/$thebannercat.dat") || die("error opening the file $thebannercat.dat"); addbanner.cgi: open(HEADERFILE, ">>banner/$logfile") || die("error opening the file $logfile"); addbanner.cgi: open(HEADERFILE, ">banner/$logfile") || die("error opening the file $logfile"); banner.cgi:# This script is apart of the Banner Manager system. It adds banner banner.cgi:open(HEADERFILE, "$input{'cat'}.dat") || die("error opening the file $input{'cat'}.dat"); banner.cgi:open(HEADERFILE, ">$input{'cat'}.dat") || die("error opening the file $input{'cat'}.dat"); banner.cgi: open(HEADERFILE, ">>$logfile") || die("error opening the file $logfile"); banner.cgi: open(HEADERFILE, ">$logfile") || die("error opening the file $logfile"); bannereditor.cgi:# This script is apart of the Banner Manager system. It preforms banner bannereditor.cgi:open(HEADERFILE, "titles.dat") || die("error opening the file titles.dat"); bannereditor.cgi: open(HEADERFILE, "$input{'cat'}.dat") || die("error opening the file $input{'cat'}.dat"); bannereditor.cgi: open(HEADERFILE, ">$input{'cat'}.dat") || die("error opening the file $input{'cat'}.dat"); bannereditor.cgi: open(HEADERFILE, "$input{'cat'}.dat") || die("error opening the file $input{'cat'}.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, ">categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, ">ref.dat") || die("error opening the file ref.dat"); bannereditor.cgi: open(HEADERFILE, ">titles.dat") || die("error opening the file titles.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, ">$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, ">>ref.dat") || die("error opening the file ref.dat"); bannereditor.cgi: open(HEADERFILE, ">>titles.dat") || die("error opening the file titles.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, ">>$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, ">$input{'newcat'}.dat") || die("error opening the file $input{'newcat'}.dat"); bannereditor.cgi: open(HEADERFILE, ">>categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error opening the file $cat.dat"); bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); bannereditor.cgi: open(HEADERFILE, "ref.dat") || die("error opening the file ref.dat"); jump.cgi:# This script is apart of the Banner Manager system. It recieves every jump.cgi:open(HEADERFILE, "ref.dat") || die("error opening the file ref.dat"); jump.cgi: open(HEADERFILE, ">>$logfile") || die("error opening the file $logfile"); jump.cgi: open(HEADERFILE, ">$logfile") || die("error opening the file $logfile"); report2.cgi:# This script is apart of the Banner Manager system. It generates reports report2.cgi:open(HEADERFILE, "titles.dat") || die("error opening the file titles.dat"); report2.cgi:opendir(LOGDIR, ".") || die("error"); report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file $file.log"); report2.cgi:opendir(LOGDIR, ".") || die("error"); report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file $file.log"); report2.cgi:opendir(LOGDIR, ".") || die("error"); report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file $file.log"); report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); report2.cgi:opendir(LOGDIR, ".") || die("error"); report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening the file categories.dat"); report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file $input{'log'}"); report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file $input{'log'}"); report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file $input{'log'}"); report2.cgi:opendir(LOGDIR, ".") || die("error"); report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening thefile categories.dat");
VENDOR NOTIFICATION*******************
Vendor is informed now with public. Not to worry, since malicious peopledon't read Bugtraq.
GOBBLES LABS GOBBLES () hushmail comhttp://www.bugtraq.org/
Current thread:
- GOBBLES CGI MARATHON #003 bugtraq (Dec 25)