Bugtraq mailing list archives

WWW Authorization Gateway

From: formatez () EDUREDES EDU DO (Albert Nubdy)
Date: Wed, 8 Jul 1998 20:08:49 -0400


-----BEGIN PGP SIGNED MESSAGE-----


Hello,


    I have discovered a problem in the WWW Authorization Gateway 0.1
By Ray Chan  From West's Perl Archive. This CGI Lets users grant or
deny access tosome pages. You can Execute any command you please with
it.
That is because of this little line: "$info = `grep $DATA{"user"}
$passurl`;".

To exploit You would just have to put:
"| any command you would like" as a Username and any password.


                                                FormateZ


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

iQA/AwUBNaQxceUnuPHnmgTPEQL1fACaAr/WMae2qu78PwrG9orZNc4jvCEAoO3R
FC/KpjgPjJrHSSyhVPSe6w87
=hyj4
-----END PGP SIGNATURE-----

Current thread:

Sun libnsl lameness George Clooney (Jul 01)
- Re: Sun libnsl lameness nicholas harteau (Jul 01)
- pop_msg in debian/qpopper: core, but no exploit Herbert Rosmanith (Jul 02)
- Alert: ASP vulnerability with Alternate Data Streams Aleph One (Jul 02)
- ::$DATA ISAPI filter Aleph One (Jul 02)
- ePerl: bad handling of ISINDEX queries Tiago Luz Pinto (Jul 06)
  - Re: ePerl: bad handling of ISINDEX queries Andrew Pimlott (Jul 08)
    - Re: ePerl: bad handling of ISINDEX queries Steve Willer (Jul 08)
    - notes on Port scanning Lloyd Vancil (Jul 08)
    - WWW Authorization Gateway Albert Nubdy (Jul 08)
- Re: Sun libnsl lameness Allanah Myles (Jul 06)
  - Re: Sun libnsl lameness mib () DEAKIN EDU AU (Jul 08)
    - Re: Sun libnsl lameness Scott Stubbs (Jul 09)
    - Sun libnsl patches Mike Sorsen (Jul 09)
  - Re: Sun libnsl lameness Matt Conover (Jul 08)
  - DoS: ANS Interlock Firewall Chris A. Henesy (Jul 09)
  - Administrivia Aleph One (Jul 09)
- <Possible follow-ups>
- Re: Sun libnsl lameness Andy Polyakov (Jul 03)
  - Re: Sun libnsl lameness Matt Conover (Jul 03)
  - UPDATE: SSH insertion attack Ivan Arce (Jul 03)

(Thread continues...)