Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: Run arbitrary UNIX commands on webserver without telnet

by mattr (Curate)
on Nov 13, 2001 at 13:50 UTC ( #125019=note: print w/replies, xml ) Need Help??

in reply to Run arbitrary UNIX commands on webserver without telnet

It is also very dangerous because you could have admins preserving this security hole in automatic backups, or you could have a disgruntled employee use it. Maybe you can compromise important passwords (db server? other hosts?) by showing them to other people through the shell environment variable.

What would be really dangerous is for it to be pushed from a staging server to live server in a general upload that the corporate hosting service does for you. You may not ever be able to tell what is in that directory yourself, and like one large hosting service I know, there may be nobody with brainpower in the loop on their side either.

If you really needed to know something about your server I don't see why you wouldn't just modify your main cgi program to print the data out, then erase that debugging code later.

Of course I tell clients to only use telnetable systems, or to switch to a cheaper provider which has them.. at the very least you will be very sorry when you suddenly need to use compiled C code.

I can imagine a situation where you might want to do something in 5 minutes and you are in trouble, but there is no justification for making a general shell exploit and posting it on perlmonks. I can't see a lot of use for it except as a way to do mischief.

  • Comment on Re: Run arbitrary UNIX commands on webserver without telnet

Replies are listed 'Best First'.
Re(2): Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Nov 13, 2001 at 18:46 UTC

    Point taken. See my reply to merlyn.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://125019]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2018-06-18 11:41 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (109 votes). Check out past polls.