The WAIS (Wide Area Information Service) system is a collection of programs which provide for convenient information distribution over wide area networks. Tools for both "publishing" and accessing information sources are provided. The Simple WAIS (SWAIS) interface is an basic access tool designed for those focused on data retreival and not computer operation. It provides most of the functionality of the more complicated interfaces but features a simple and potentially more natural interface. The functionality supported includes source selection, keyword entry, and automatic document retrieval. By default SWAIS will allow you to break out of the restricted mode and let anyone to execute commands on the OS as the SWAIS Service while performing searches on the database. For the example we simply enter our search query with a '| who'. Getting "Help on database: 1995_public_papers_vol2_text" from 1995_public_paper guest ttyp1 Apr 4 14:23 swais ttyp2 Jun 29 16:52 Press any key to continue As you can see we can do everything a local user can. I successfully was able to compile programs and execute them to exploit the Unix OS with Simple Wais 1.11 being my only point of entry. Simple Wais Service is common on college, government and library servers. The restricted mode provides a sense of security that is easily out witted. -John Thornton Editor in Chief Hacker's Digest Magazine http://www.hackersdigest.com IRC Network: irc.hackersdigest.com
This archive was generated by hypermail 2b30 : Sat Jun 29 2002 - 15:03:50 PDT