TUCoPS :: Unix :: General :: unix5496.htm

Simple Wais allows users to execute commands as SWAIS deamon
1st Jul 2002 [SBWID-5496]
COMMAND

	Simple Wais allows users to execute commands as SWAIS deamon

SYSTEMS AFFECTED

	Simple Wais 1.11

PROBLEM

	John       Thornton       of       Hacker\'s       Digest       Magazine
	[http://www.hackersdigest.com] :
	

	By default SWAIS will allow you to break out of the restricted mode  and
	let anyone to execute commands on the OS  as  the  SWAIS  Service  while
	performing searches on the database. For the  example  we  simply  enter
	our search query with a \'| who\'.
	

	Getting \"Help on database:  1995_public_papers_vol2_text\" from

	1995_public_paper

	guest       ttyp1       Apr  4 14:23

	swais       ttyp2       Jun 29 16:52

	Press any key to continue

	

	As you can see we can do everything a local user can.

SOLUTION

	??

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH