Dan, did you come up with that on the spot or is there already a whitepaper on it? Anyway now that the cats out of the bag... See attached. :) No more bids please. Dan was correct. On Tue, Jun 7, 2011 at 9:38 AM, Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>wrote: > On Tue, Jun 7, 2011 at 6:19 AM, Marshall Whittaker > <marshallwhittaker@xxxxxxxxx> wrote: > > Hello, > > I am willing to sell a new attack vector I have devised. The proof of > > concept code you will receive has the ability to arbitrarily upload files > to > > a webserver (tested on Apache), running linux with the well known perl > read > > pipe vulnerability in many web CGI applications. This issue can also be > > leveraged through PHP LFI and RFI attacks, and through almost any other > > remote command execution vulnerability. > > If you have a remote command execution vulnerability, couldn't you > just leverage whatever useful binaries are available on the victim > machine (perl, python, echo) to simply copy your exploit/file/etc. to > disk by printing it byte-by-byte, possibly in pieces? Did I ruin the > surprise? > > -Dan >
Attachment:
perlpipeupload.pl
Description: Binary data
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/