![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to httpd-rpc.sh CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [local] / OpenXM / src / kan96xx / Doc|
Return to httpd-rpc.sh CVS log | Up to [local] / OpenXM / src / kan96xx / Doc |
| File: [local] / OpenXM / src / kan96xx / Doc / httpd-rpc.sh (download)
Revision 1.7, Sun Nov 10 07:00:03 2002 UTC (21 years, 6 months ago) by takayama
It was possible to exploit any file through httpd on Kan/sm1 under some conditions. The vulnerability is now removed. |
#! /bin/sh
# $OpenXM: OpenXM/src/kan96xx/Doc/httpd-rpc.sh,v 1.7 2002/11/10 07:00:03 takayama Exp $
# OpenXM/rc/dot.bashrc must be read before execution of this script.
# source ${OpenXM_HOME}/rc/dot.bashrc
#
# Output verbose messages
# OXWEB_DEBUG=1
# export OXWEB_DEBUG
#
# Port number for the httpd service
OXWEB_PORT=8090
export OXWEB_PORT
#
# asirrc is executed when risa/asir starts. Override it if necessary.
# You can also define your own command in this file.
#ASIR_CONFIG=httpd-rpc-asirrc.rr
#ASIR_CONFIG=${OpenXM_HOME}/rc/asirrc
#export ASIR_CONFIG
#
# Set your own httpd-rpc file if necessary.
# OXWEB_HTTPD_RPC=httpd-rpc-${OXWEB_PORT}.sm1
OXWEB_HTTPD_RPC=httpd-rpc.sm1
export OXWEB_HTTPD_RPC
#
# If OXWEB_HTTPD_ROOT is set, file transfer will be allowed.
# Example: export OXWEB_HTTPD_ROOT=/usr/local/www/data/
# Do not forget the last /
# Set
#
# OXWEB_HTTPD_ROOT=/usr/local/www/data
# export OXWEB_HTTPD_ROOT
#
#
#LOGFILE=httpd-rpc-${OXWEB_PORT}.log
LOGFILE=/dev/tty
export LOGFILE
OXWEB_POST=1
export OXWEB_POST
OXWEB_TAKE_LOG=1
export OXWEB_TAKE_LOG
#
touch $LOGFILE
# tail -f $LOGFILE &
#
#
# Main loop
while true ; \
do \
date >>$LOGFILE ;
sm1 -s "[(parse) (${OXWEB_HTTPD_RPC}) pushfile] extension ; httpd ; quit " >> $LOGFILE 2>&1 ;
sleep 3 ; \
done