Full Disclosure mailing list archives

perl pipe shell exploit


From: Marshall Whittaker <marshallwhittaker () gmail com>
Date: Sat, 15 Oct 2011 18:43:20 -0300

This works off the perl pipe read bug, you can just input the first and
second parts of the web address (with http:// included) and it'll drop you
at a shell.  When using cd you must use the absolute path because I was too
lazy to do it the correct way. ;-).  I know this is pretty easy stuff, it
works off those vulns that can just be exploited with a web browser, but
this gives you a shell.  So have at it guys & gals!  Exploit is attached.

Site:
http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=stats/1966vinmatrix.htm&desc=Stat+File
Usage: ./sublime.pl "http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=" "&desc=Stat+File"

Should work on most perl cgi scripts that are vulnerable to | read bug.
Please note, it's not a "real" shell, but almost everything works, except
things that won't go in one instance like cd-ing and env vars, etc.

Play nice!

--oxagast

Attachment: sublime.pl

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
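
For anyone auditing CGI code for the "| read bug" class mentioned in the post: it arises when a request parameter reaches Perl's two-argument open(), which reads the open mode out of the string itself. The sketch below is an added example, not part of the original post or the attached sublime.pl; `$BASE_DIR` and `open_stat_file` are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;

# Assumed data directory for this sketch; not taken from the original post.
my $BASE_DIR = '/var/www/data';

# Return a read handle for a user-supplied "filename" parameter,
# or nothing (undef in scalar context) if the value is not acceptable.
sub open_stat_file {
    my ($param) = @_;
    return unless defined $param;

    # Allowlist: a relative path built from plain name characters only.
    # This rejects |, ;, &, <, >, whitespace, NUL and a leading slash.
    return unless $param =~ m{\A[A-Za-z0-9_][A-Za-z0-9_./-]*\z};
    # No parent-directory segments.
    return if grep { $_ eq '..' } split m{/}, $param;

    # Resolve symlinks and confirm the result is still under $BASE_DIR.
    my $base = abs_path($BASE_DIR) or return;
    my $full = abs_path(File::Spec->catfile($base, $param)) or return;
    return unless index($full, "$base/") == 0;

    # Vulnerable form, shown for contrast only:
    #     open(my $fh, $param)
    # Two-argument open parses the mode out of the string, so a leading
    # or trailing "|" turns a file read into a command pipe.
    # Three-argument open fixes the mode to "read this file".
    open(my $fh, '<', $full) or return;
    return $fh;
}

# Constructed inputs; the first is the legitimate value from the URL in the post.
for my $p ('stats/1966vinmatrix.htm', 'echo constructed|', '../../etc/passwd') {
    my $fh = open_stat_file($p);
    printf "%-28s %s\n", $p, $fh ? 'opened' : 'rejected';
    close $fh if $fh;
}
```

The three-argument open is the actual fix; the allowlist and base-directory check additionally keep the parameter from reading files outside the intended directory.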