CD Actual 49

home *** CD-ROM | disk | FTP | other *** search

/ CD Actual 49 / cda49.iso / VNULabs / BrownOrifice / BOHTTPD-0.2 / BOHTTPD.pm < prev next >

Wrap

Perl POD Document | 2000-08-11 | 4.5 KB | 165 lines

package BOHTTPD; use base Exporter; use CGI; @EXPORT = qw(is_ms is_ie show_info show_header show_footer show_warning html_escape); sub is_ms() { $ENV{HTTP_USER_AGENT} =~ /win/i } sub is_ie() { $ENV{HTTP_USER_AGENT} =~ /MSIE/ } my @mysql = qw</usr/local/mysql/bin/mysql -uroot -proot -B brownorifice>; sub db_update { my $q = shift; my $qe = CGI::escape($q); system @mysql, '-e', qq( DELETE FROM filez WHERE url = "$qe" ); system @mysql, '-e', qq( INSERT INTO filez (url) VALUES ("$qe") ); 1 } sub db_search { my $q = shift; my $dt = shift || 600; my $qe = CGI::escape($q); my $q = qq( SELECT url FROM filez WHERE url REGEXP ".*$qe.*" AND time >= (NOW() - $dt) LIMIT 100 ); open my $in, "@mysql -e '$q' |"; <$in>; my @h = <$in>; close $in; chomp, $_ = CGI::unescape($_) for @h; @h } sub show_header { print q< <html> <head> <title>Brown Orifice HTTPD</title> </head> <body bgcolor="#ffffff"> <link rel="stylesheet" href="BOHTTPD.css"> >; if (open my $fp, 'BOHTTPD_logo.html') { print while <$fp>; close $fp; }; } sub show_info { print q< <h3>Brown Orifice HTTPD</h3> <ul> 2000.08.08 Mystic Mayhem <code><mystic@mad.scientist.com></code> and others suggest a product called <a href="http://www.zonelabs.com/">ZoneAlarm</a> to defend against this vulnerability. According to MM, it displays the quite prophetic warning "Do you want Netscape Application File to act as a server?" when BOHTTPD is attempting to initialize. 2000.08.07 That nasty file truncation problem should be fixed in the live version and the upcoming 0.2 release. Happy serving! 2000.08.05 Right now I'm at the internet cafe (Club I) at 850 Folsom in San Francisco (between 4th and 5th street). I'll be here until 2:00 a.m. showing demos to anybody interested. A guy showed up here and made BOHTTPD multithreaded. This new functionality is live right now, but not available for download until I get some version control set up. WHOA! I just saw a Windows 2000 system that was still running BOHTTPD even after Netscape had been apparently terminated. Even the "Task Manager" showed no trace. 2000.08.03 I've discovered a pair of new capbilities in Java, one residing in the Java core and the other in Netscape's Java distribution. The first (exploited in BOServerSocket and BOSocket) allows Java to open a server which can be accessed by arbitrary clients. The second (BOURLConnection and BOURLInputStream) allows Java to access arbitrary URLs, including local files. As a demonstration, I've written Brown Orifice HTTPD for Netscape Communicator. BOHTTPD is a browser-resident web server and file-sharing tool that demonstrates these two problems in Netscape Communicator. BOHTTPD will serve files from a directory of your choice, and will also act as an HTTP/FTP proxy server. Click the button below to launch BOHTTPD in your Netscape Browser. To see a list of links to browsers currently running BOHTTPD, check out <a href="BOHTTPD_spy.cgi">BOHTTPD Spy</a>. To get a copy of the Brown Orifice site and source code, go to the <a href="BOHTTPD_download.cgi">download page</a>. <a href="http://www.brumleve.com/resume.html">Dan Brumleve</a> <code><<a href="mailto:dan%2Bsecurity@brumleve.com">dan+security@brumleve.com</a>></code>, <code>2000-08-03</code> </ul> <hr> >; } sub show_warning { print q< <blink>WARNING:</blink> Brown Orifice is a SECURITY HOLE, not a toy. Files in the directory you specify are likely to be downloaded by other people. You must completely exit Netscape in order to turn it off. >; } sub show_footer { print q< <hr> <a href="http://www.brumleve.com/resume.html">Dan Brumleve</a> <code><<a href="mailto:dan%2Bsecurity@brumleve.com">dan+security@brumleve.com</a>></code>, <code>2000-08-03</code> </body> </html> > } sub html_escape { local $_ = shift; s/&/&/g; s/"/"/g; s/</</g; s/>/>/g; $_ } 1;