Netscape FastTrack server remote exploit (long GET)
----------------------------------------------------------------------------

SUMMARY
Vulnerability in Netscape FastTrack 2.01a allows any remote attacker to
execute commands as the user running the httpd daemon. This service is
running by default on any standard UnixWare 7.1 installation.

DETAILS

Vulnerable systems:
  UnixWare 7.1
  UnixWare 2.01a

By default, the FastTrack httpd will listen on TCP port 457 for incoming
HTTP requests. With the particular configuration file that this httpd
instance uses, we can browse the SCO help documents repository as well as
man pages and so on.
A long GET /aaaaa request will cause the httpd daemon to crash. At 367
bytes after the "/", we have completely overwritten EIP, allowing us to
run arbitrary commands.

Exploit:
This exploit executes the command of your choice. This has only been
compiled and tested on a UnixWare box attacking a UnixWare box, but it
should be fairly portable. This is not a root shell, since httpd runs as
user 'nobody' (but now you get to try out all those local exploits!).
---uwhelp.c---
/** uwhelp.c - remote exploit for UnixWare's Netscape FastTrack
** 2.01a scohelp http service
**

If you want the source (it's rather long), ask by private mail ;)
PS: bitnet uses Netscape FastTrack, you know; don't mess with it again,
poor thing ;)
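
Added example, not part of the original post or the advisory, and not FastTrack's code: a request-line parser that measures the GET path and rejects it with 414 before any copy into a fixed buffer, which is the check whose absence the advisory describes. The function names and the 255-byte limit are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 255   /* assumed limit, chosen for this example */

/* Hypothetical helper: parse "GET <path> HTTP/x.y" into a fixed buffer.
 * Returns an HTTP status: 200 accepted, 400 malformed, 414 path too
 * long, 501 method not supported. path_out is always NUL-terminated. */
int parse_request_line(const char *line, char *path_out, size_t path_cap)
{
    size_t len;
    const char *end;
    if (line == NULL || path_out == NULL || path_cap == 0)
        return 400;
    path_out[0] = '\0';
    if (strncmp(line, "GET ", 4) != 0)
        return 501;
    if (line[4] != '/')
        return 400;
    /* The path ends at the first space, CR or LF (or end of string). */
    len = strcspn(line + 4, " \r\n");
    end = line + 4 + len;
    /* Compare the measured length with the buffer BEFORE copying. */
    if (len > MAX_PATH_LEN || len >= path_cap)
        return 414;                      /* Request-URI Too Long */
    if (strncmp(end, " HTTP/", 6) != 0)
        return 400;
    memcpy(path_out, line + 4, len);
    path_out[len] = '\0';
    return 200;
}

/* Constructed sample input: "GET /" followed by n filler bytes. */
int status_for_filler(size_t n)
{
    char line[1024], path[MAX_PATH_LEN + 1];
    if (n + 32 > sizeof line)
        return -1;
    memcpy(line, "GET /", 5);
    memset(line + 5, 'a', n);
    memcpy(line + 5 + n, " HTTP/1.0\r\n", 12);   /* copies the NUL too */
    return parse_request_line(line, path, sizeof path);
}

int main(void)
{
    printf("5 bytes after '/': %d, 367 bytes after '/': %d\n",
           status_for_filler(5), status_for_filler(367));
    return 0;
}
```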