Simple Wais 1.11 allows users to execute commands as SWAIS deamon.

From: John Thornton (newsat_private)
Date: Sat Jun 29 2002 - 17:23:55 PDT

  • Next message: Nick Lange: "Re: FW: Possible flaw in XFree?"

    The WAIS (Wide Area Information Service) system is a collection of programs
    which provide for convenient information distribution over wide area
    networks.
    Tools for both "publishing" and accessing information sources are provided.
    The Simple WAIS (SWAIS) interface is an basic access tool designed for those
    focused on data retreival and not computer operation. It provides most of
    the
    functionality of the more complicated interfaces but features a simple and
    potentially more natural interface.  The functionality supported includes
    source selection, keyword entry, and automatic document retrieval.
    
    By default SWAIS will allow you to break out of the restricted mode and let
    anyone to execute commands on the OS as the SWAIS Service while performing
    searches on the database. For the example we simply enter our search query
    with a '| who'.
    
    Getting "Help on database:  1995_public_papers_vol2_text" from
    1995_public_paper
    guest       ttyp1       Apr  4 14:23
    swais       ttyp2       Jun 29 16:52
    Press any key to continue
    
    As you can see we can do everything a local user can. I successfully was
    able to compile programs and execute them to exploit the Unix OS with Simple
    Wais 1.11 being my only point of entry.
    
    Simple Wais Service is common on college, government and library servers.
    The restricted mode provides a sense of security that is easily out witted.
    
    -John Thornton
    Editor in Chief
    Hacker's Digest Magazine
    http://www.hackersdigest.com
    IRC Network: irc.hackersdigest.com
    



    This archive was generated by hypermail 2b30 : Sat Jun 29 2002 - 15:03:50 PDT