Would you then describe this as more of a way to exploit an already known attack vector, rather than a new attack vector?
On Tue, Jun 7, 2011 at 11:19 AM, Marshall Whittaker < [email protected]> wrote: > Hello, > I am willing to sell a new attack vector I have devised. The proof of > concept code you will receive has the ability to arbitrarily upload files to > a webserver (tested on Apache), running linux with the well known perl read > pipe vulnerability in many web CGI applications. This issue can also be > leveraged through PHP LFI and RFI attacks, and through almost any other > remote command execution vulnerability. The code has been tested on BSD, > and does not seem to work stand alone, but BSD may be vulnerable as well, I > just don't have a box to test it properly on. The code can upload an ASCII > or binary file to the webserver, even if the firewall rules prohibit > downloading. For example, if you have a linux webserver running apache and > a vulnerable perl script, this proof of concept can upload a local root > exploit that cannot be downloaded with the remote command execution as a > local user (usually one of apache's users) due to iptables or another > firewall that blocks outbound connections to other > webservers/ftp/whathaveyou servers for download with > wget/curl/lwp-download/ftp and other local downloading utilities, or if > these utilities have been removed. Once a (modified) local root exploit has > been uploaded, it can modify the iptables as the root user, then bind a > shell, or spawn a reverse shell, or drop another payload as root. Please > contact me if you are interested in getting the PoC code, and bid a price. > Please be reasonable. When you contact me, payment details can be > arranged. PoC code is written in perl, and is heavily commented. > > oxagast > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
