Vulnerability Development mailing list archives
Simple Wais 1.11 allows users to execute commands as SWAIS deamon.
From: "John Thornton" <news () hackersdigest com>
Date: Sat, 29 Jun 2002 17:23:55 -0700
The WAIS (Wide Area Information Service) system is a collection of programs which provide for convenient information distribution over wide area networks. Tools for both "publishing" and accessing information sources are provided. The Simple WAIS (SWAIS) interface is an basic access tool designed for those focused on data retreival and not computer operation. It provides most of the functionality of the more complicated interfaces but features a simple and potentially more natural interface. The functionality supported includes source selection, keyword entry, and automatic document retrieval. By default SWAIS will allow you to break out of the restricted mode and let anyone to execute commands on the OS as the SWAIS Service while performing searches on the database. For the example we simply enter our search query with a '| who'. Getting "Help on database: 1995_public_papers_vol2_text" from 1995_public_paper guest ttyp1 Apr 4 14:23 swais ttyp2 Jun 29 16:52 Press any key to continue As you can see we can do everything a local user can. I successfully was able to compile programs and execute them to exploit the Unix OS with Simple Wais 1.11 being my only point of entry. Simple Wais Service is common on college, government and library servers. The restricted mode provides a sense of security that is easily out witted. -John Thornton Editor in Chief Hacker's Digest Magazine http://www.hackersdigest.com IRC Network: irc.hackersdigest.com
Current thread:
- Re: Possible flaw in XFree?, (continued)
- Re: Possible flaw in XFree? Vanja Hrustic (Jun 28)
- Re: Possible flaw in XFree? Valdis . Kletnieks (Jun 28)
- Re: Possible flaw in XFree? Nuno Branco (Jun 28)
- Re: Possible flaw in XFree? Vilmos Soti (Jun 28)
- Message not available
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Nick Lange (Jun 28)
- Re: Possible flaw in XFree? Timothy J . Miller (Jun 29)
- Re: Possible flaw in XFree? strange (Jun 28)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Edsel Adap (Jun 29)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: FW: Possible flaw in XFree? strange (Jun 29)
- Re: FW: Possible flaw in XFree? Nick Lange (Jun 29)
- Re: FW: Possible flaw in XFree? Michael Jennings (Jun 29)
- Re: FW: Possible flaw in XFree? strange (Jun 29)