Return to httpd-rpc.sh CVS log | Up to [local] / OpenXM / src / kan96xx / Doc |
File: [local] / OpenXM / src / kan96xx / Doc / httpd-rpc.sh (download)
Revision 1.7, Sun Nov 10 07:00:03 2002 UTC (21 years, 9 months ago) by takayama
It was possible to exploit any file through httpd on Kan/sm1 under some conditions. The vulnerability is now removed. |
#! /bin/sh # $OpenXM: OpenXM/src/kan96xx/Doc/httpd-rpc.sh,v 1.7 2002/11/10 07:00:03 takayama Exp $ # OpenXM/rc/dot.bashrc must be read before execution of this script. # source ${OpenXM_HOME}/rc/dot.bashrc # # Output verbose messages # OXWEB_DEBUG=1 # export OXWEB_DEBUG # # Port number for the httpd service OXWEB_PORT=8090 export OXWEB_PORT # # asirrc is executed when risa/asir starts. Override it if necessary. # You can also define your own command in this file. #ASIR_CONFIG=httpd-rpc-asirrc.rr #ASIR_CONFIG=${OpenXM_HOME}/rc/asirrc #export ASIR_CONFIG # # Set your own httpd-rpc file if necessary. # OXWEB_HTTPD_RPC=httpd-rpc-${OXWEB_PORT}.sm1 OXWEB_HTTPD_RPC=httpd-rpc.sm1 export OXWEB_HTTPD_RPC # # If OXWEB_HTTPD_ROOT is set, file transfer will be allowed. # Example: export OXWEB_HTTPD_ROOT=/usr/local/www/data/ # Do not forget the last / # Set # # OXWEB_HTTPD_ROOT=/usr/local/www/data # export OXWEB_HTTPD_ROOT # # #LOGFILE=httpd-rpc-${OXWEB_PORT}.log LOGFILE=/dev/tty export LOGFILE OXWEB_POST=1 export OXWEB_POST OXWEB_TAKE_LOG=1 export OXWEB_TAKE_LOG # touch $LOGFILE # tail -f $LOGFILE & # # # Main loop while true ; \ do \ date >>$LOGFILE ; sm1 -s "[(parse) (${OXWEB_HTTPD_RPC}) pushfile] extension ; httpd ; quit " >> $LOGFILE 2>&1 ; sleep 3 ; \ done