This works off the perl pipe read bug; you can just input the first and second parts of the web address (with http:// included) and it'll drop you at a shell. When using cd you must use the absolute path because I was too lazy to do it the correct way. ;-)

I know this is pretty easy stuff; it works off those vulns that can just be exploited with a web browser, but this gives you a shell. So have at it guys & gals! Exploit is attached.

Site: http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=stats/1966vinmatrix.htm&desc=Stat+File

Usage: ./sublime.pl " http://ultimategto.com/cgi-bin/statsedittext.cgi?filename=" "&desc=Stat+File"

Should work on most perl cgi scripts that are vulnerable to | read bug. Please note, it's not a "real" shell, but almost everything works, except things that won't go in one instance like cd-ing and env vars, etc.

Play nice!

--oxagast
Attachment:
sublime.pl
Description: Binary data
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
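
Added example, not part of the original post or its attachment: the Perl file-open pattern behind the "| read bug" shown as a comment, next to a hardened reader a CGI script can use instead. safe_read(), $BASE_DIR and the temporary demo files are hypothetical names constructed for illustration.

```perl
#!/usr/bin/perl
# Added example; safe_read(), $BASE_DIR and the demo files are hypothetical.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

our $BASE_DIR = '/var/www/data';    # assumed content root (placeholder)

# Risky pattern: two-argument open() takes the mode from the string itself,
# so a request value that begins or ends with '|' is run as a command:
#     open(FH, $filename);
sub safe_read {
    my ($name) = @_;
    # 1. Allowlist: plain path segments ending in .htm/.html, nothing else.
    return undef unless defined $name
        && $name =~ m{\A([A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\.html?)\z};
    my $rel = $1;
    # 2. Resolve symlinks and require the result to stay under the root.
    my $base = abs_path($BASE_DIR);
    return undef unless defined $base;
    my $path = abs_path(File::Spec->catfile($base, $rel));
    return undef
        unless defined $path && index($path, "$base/") == 0 && -f $path;
    # 3. Three-argument open, explicit '<' mode, lexical handle: the name
    #    is only ever a file name, never a pipe or a redirection.
    open(my $fh, '<', $path) or return undef;
    local $/;                       # slurp the whole file
    my $content = <$fh>;
    close($fh);
    return $content;
}

# Demo on constructed data in a temporary directory.
$BASE_DIR = tempdir(CLEANUP => 1);
mkdir "$BASE_DIR/stats" or die "mkdir: $!";
open(my $out, '>', "$BASE_DIR/stats/report.htm") or die "open: $!";
print {$out} "<p>ok</p>\n";
close($out);

for my $name ('stats/report.htm', 'stats/report.htm|', '|stats/report.htm',
              '../stats/report.htm', "stats/report.htm\0") {
    my $data = safe_read($name);
    (my $shown = $name) =~ s/\0/\\0/g;
    printf "%-24s %s\n", $shown, defined $data ? 'served' : 'rejected';
}
```

Running the script under taint mode (perl -T) adds a second check, since Perl then refuses to pass unvalidated request data to open().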