ports/80639: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts
chinsan
chinsan at mail2000.com.tw
Thu May 5 05:10:01 UTC 2005
>Number: 80639
>Category: ports
>Synopsis: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu May 05 05:10:00 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: chinsan
>Release: FreeBSD 5.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD chinsan.twbbs.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root at harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
gwee (Generic Web Exploitation Engine) is a small program written in C
designed to exploit input validation vulnerabilities in web scripts, such as
Perl CGIs, PHP, etc.
WWW: http://tigerteam.se/dl/gwee/
>How-To-Repeat:
# mkdir /usr/ports/www/gwee ; cd /usr/ports/www/gwee
# sh gwee.shar
# make install clean
>Fix:
--- gwee.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# .
# ./Makefile
# ./distinfo
# ./pkg-descr
#
echo c - .
mkdir -p . > /dev/null 2>&1
echo x - ./Makefile
sed 's/^X//' >./Makefile << 'END-of-./Makefile'
X# New ports collection makefile for: gwee
X# Date created: 2005-05-04
X# Whom: chinsan <chinsan at mail2000.com.tw>
X#
X# $FreeBSD$
X#
X
XPORTNAME= gwee
XPORTVERSION= 1.36
XCATEGORIES= www security
XMASTER_SITES= http://tigerteam.se/dl/gwee/
X
XMAINTAINER= ports at FreeBSD.org
XCOMMENT= Tool to exploit command execution vulnerabilities in web scripts
X
XRUN_DEPENDS= ${PYTHON_CMD}:${PORTSDIR}/lang/python
X
XUSE_OPENSSL= yes
XUSE_PERL5= yes
X
XMAKE_ARGS= unix
XALL_TARGET= ${PORTNAME}
XMAN1= ${PORTNAME}.1
X
XPLIST_FILES= bin/${PORTNAME}
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin
X	${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.1 ${MANPREFIX}/man/man1
X
X.include <bsd.port.mk>
END-of-./Makefile
echo x - ./distinfo
sed 's/^X//' >./distinfo << 'END-of-./distinfo'
XMD5 (gwee-1.36.tar.gz) = 4e0c09fdc6a261e80bdba34aba1f9a29
XSIZE (gwee-1.36.tar.gz) = 313562
END-of-./distinfo
echo x - ./pkg-descr
sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr'
Xgwee (Generic Web Exploitation Engine) is a small program written in C
Xdesigned to exploit input validation vulnerabilities in web scripts, such as
XPerl CGIs, PHP, etc.
X
Xgwee is much like an exploit, except more general-purpose. It features several
Xreverse (connecting) shellcodes (x86 Linux, FreeBSD, NetBSD, Perl script (universal),
XPython script (universal)), 4 methods of injecting (executing) them,
Xbuilt-in http/https client and built-in server (listener) for receiving connections
X(and remote shell) from injected shellcodes.
X
XWWW: http://tigerteam.se/dl/gwee/
END-of-./pkg-descr
exit
--- gwee.shar ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: