Bugtraq mailing list archives
GOBBLES CGI MARATHON #003
From: "bugtraq" <bugtraq () bugtraq org>
Date: Wed, 26 Dec 2001 01:29:03 GMT
PRODUCT*******
AdStreamerhttp://www.sha-la-la.com/adstreamer/
DESCRIPTION***********
This software have many an open call that can exploited with Perl trickslike ../, %00, |, etc.
bash-2.05$ egrep 'open|system|exec|eval' *.cgi
addbanner.cgi:# This script is apart of the Banner Manager system.
It will add banners
addbanner.cgi:open(HEADERFILE, "banner/$thebannercat.dat") || die("error
opening the file $thebannercat.dat");
addbanner.cgi:open(HEADERFILE, ">banner/$thebannercat.dat") || die("error
opening the file $thebannercat.dat");
addbanner.cgi: open(HEADERFILE, ">>banner/$logfile") || die("error opening
the file $logfile");
addbanner.cgi: open(HEADERFILE, ">banner/$logfile") || die("error opening
the file $logfile");
banner.cgi:# This script is apart of the Banner Manager system.
It adds banner
banner.cgi:open(HEADERFILE, "$input{'cat'}.dat") || die("error opening the
file $input{'cat'}.dat");
banner.cgi:open(HEADERFILE, ">$input{'cat'}.dat") || die("error opening the
file $input{'cat'}.dat");
banner.cgi: open(HEADERFILE, ">>$logfile") || die("error opening the
file $logfile");
banner.cgi: open(HEADERFILE, ">$logfile") || die("error opening the file
$logfile");
bannereditor.cgi:# This script is apart of the Banner Manager
system. It preforms banner
bannereditor.cgi:open(HEADERFILE, "titles.dat") || die("error opening the
file titles.dat");
bannereditor.cgi: open(HEADERFILE, "$input{'cat'}.dat") || die("error
opening the file $input{'cat'}.dat");
bannereditor.cgi: open(HEADERFILE, ">$input{'cat'}.dat") || die("error
opening the file $input{'cat'}.dat");
bannereditor.cgi: open(HEADERFILE, "$input{'cat'}.dat") || die("error
opening the file $input{'cat'}.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, ">categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, ">ref.dat") || die("error opening
the file ref.dat");
bannereditor.cgi: open(HEADERFILE, ">titles.dat") || die("error
opening the file titles.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error
opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, ">$cat.dat") || die("error
opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error
opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, ">>ref.dat") || die("error opening
the file ref.dat");
bannereditor.cgi: open(HEADERFILE, ">>titles.dat") || die("error
opening the file titles.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "$cat.dat") ||
die("error opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, ">>$cat.dat") ||
die("error opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, ">$input{'newcat'}.dat") ||
die("error opening the file $input{'newcat'}.dat");
bannereditor.cgi: open(HEADERFILE, ">>categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "$cat.dat") || die("error
opening the file $cat.dat");
bannereditor.cgi: open(HEADERFILE, "categories.dat") || die("error
opening the file categories.dat");
bannereditor.cgi: open(HEADERFILE, "ref.dat") || die("error opening
the file ref.dat");
jump.cgi:# This script is apart of the Banner Manager system.
It recieves every
jump.cgi:open(HEADERFILE, "ref.dat") || die("error opening the file
ref.dat");
jump.cgi: open(HEADERFILE, ">>$logfile") || die("error opening
the file $logfile");
jump.cgi: open(HEADERFILE, ">$logfile") || die("error opening
the file $logfile");
report2.cgi:# This script is apart of the Banner Manager system.
It generates reports
report2.cgi:open(HEADERFILE, "titles.dat") || die("error opening the file
titles.dat");
report2.cgi:opendir(LOGDIR, ".") || die("error");
report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file
$file.log");
report2.cgi:opendir(LOGDIR, ".") || die("error");
report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file
$file.log");
report2.cgi:opendir(LOGDIR, ".") || die("error");
report2.cgi: open(HEADERFILE, "$file.log") || die("error opening the file
$file.log");
report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening the
file categories.dat");
report2.cgi:opendir(LOGDIR, ".") || die("error");
report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening the
file categories.dat");
report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file
$input{'log'}");
report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file
$input{'log'}");
report2.cgi:open(HEADERFILE, "$input{'log'}") || die("error opening the file
$input{'log'}");
report2.cgi:opendir(LOGDIR, ".") || die("error");
report2.cgi:open(HEADERFILE, "categories.dat") || die("error opening the
file categories.dat");
VENDOR NOTIFICATION*******************
Vendor is informed now with public. Not to worry, since malicious peopledon't read Bugtraq.
GOBBLES LABS GOBBLES () hushmail comhttp://www.bugtraq.org/
Current thread:
- GOBBLES CGI MARATHON #003 bugtraq (Dec 25)