Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

infosrch.cgi 'interactive' shell

From: rpc () INETARENA COM (rpc)
Date: Tue, 23 May 2000 15:11:37 -0700

Hello All,
  SGI's security advisory regarding infosrch.cgi minimizes the actual
vulnerability. Not only does it allow you to view any file on the system,
an attacker can easily run arbitrary commands. Attached is a simple perl
script that demonstrates this.

--rpc <h () ckz org>

<HR NOSHADE>
<UL>
<LI>TEXT/PLAIN attachment: infosh.pl
</UL>
Previous By Date Next
Previous By Thread Next

Current thread: