
PALS Library System "pine pipe bug" yields arbitrary files, command execution
Vulnerability

    PALS Library System

Affected

    PALS Library System

Description

    'UkR-XblP' found the following.  This script is derived from an idea
    that originated at St. Olaf College to provide a WWW interface to the
    PALS Library System.  The idea was then worked on at Georgia
    State University.  This version of WebPals has been written using
    their original idea.

    This bug allows viewing of any file and command execution.  The
    problem lies in the "pine pipe bug".  Exploit:

        http://www.victim.com/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file
        http://www.victim.com/pals-cgi?palsAction=restart&documentName=url_to_command

Solution

    Nothing yet.
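
    With no fix available, an operator can at least review web-server logs
    for requests of the shape shown in the exploit URLs above.  The Python
    below is an added example, not part of the original advisory or of
    WebPals; the Common Log Format input, the sample lines and the allowlist
    of plain file names for documentName are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/pals-cgi HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=welcome.html HTTP/1.0" 200 812
198.51.100.7 - - [01/Jan/2001:10:01:12 +0000] "GET /cgi-bin/pals-cgi?palsAction=restart&documentName=%2Fetc%2Fmotd HTTP/1.0" 200 301
198.51.100.7 - - [01/Jan/2001:10:01:40 +0000] "GET /pals-cgi?documentName=..%2Fnotes.txt&palsAction=restart HTTP/1.0" 200 77
203.0.113.9 - - [01/Jan/2001:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 1024
"""

# Client address and request target from one Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate documentName is a plain file name such as
# "welcome.html". Anything else (directories, URLs, other characters)
# is reported for review rather than trusted.
SAFE_NAME = re.compile(r'[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?')


def scan(log_text):
    """Return (client, documentName, verdict) for each pals-cgi restart request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        # The advisory shows the script both under /cgi-bin/ and at the root.
        if not url.path.endswith("/pals-cgi"):
            continue
        # parse_qs percent-decodes values, so encoded input is compared decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        if "restart" not in params.get("palsAction", []):
            continue
        for name in params.get("documentName", []):
            verdict = "ok" if SAFE_NAME.fullmatch(name) else "suspicious"
            findings.append((client, name, verdict))
    return findings


if __name__ == "__main__":
    for client, name, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:10} {client:15} documentName={name!r}")
```

    The same allowlist can be enforced in front of the script (for example
    in a wrapper or proxy rule) so that non-matching requests are rejected.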
