Date: Thu, 5 May 2005 13:09:47 +0800 (CST) From: chinsan <chinsan@mail2000.com.tw> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/80639: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts Message-ID: <200505050509.j4559ltS058931@chinsan.twbbs.org> Resent-Message-ID: <200505050510.j455A1Pl025976@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80639 >Category: ports >Synopsis: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu May 05 05:10:00 GMT 2005 >Closed-Date: >Last-Modified: >Originator: chinsan >Release: FreeBSD 5.3-RELEASE i386 >Organization: >Environment: System: FreeBSD chinsan.twbbs.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: gwee (Generic Web Exploitation Engine) is a small program written in C designed to exploit input validation vulnerabilities in web scripts, such as Perl CGIs, PHP, etc. WWW: http://tigerteam.se/dl/gwee/ >How-To-Repeat: # mkdir /usr/ports/www/gwee ; cd /usr/ports/www/gwee # sh gwee.shar # make install clean >Fix: --- gwee.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # . # ./Makefile # ./distinfo # ./pkg-descr # echo c - . mkdir -p . > /dev/null 2>&1 echo x - ./Makefile sed 's/^X//' >./Makefile << 'END-of-./Makefile' X# New ports collection makefile for: gwee X# Date created: 2005-05-04 X# Whom: chinsan <chinsan@mail2000.com.tw> X# X# $FreeBSD$ X# X XPORTNAME= gwee XPORTVERSION= 1.36 XCATEGORIES= www security XMASTER_SITES= http://tigerteam.se/dl/gwee/ X XMAINTAINER= ports@FreeBSD.org XCOMMENT= Tool to exploit command execution vulnerabilities in web scripts X XRUN_DEPENDS= ${PYTHON_CMD}:${PORTSDIR}/lang/python X XUSE_OPENSSL= yes XUSE_PERL5= yes X XMAKE_ARGS= unix XALL_TARGET= ${PORTNAME} XMAN1= ${PORTNAME}.1 X XPLIST_FILES= bin/${PORTNAME} X Xdo-install: X ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin X ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.1 ${MANPREFIX}/man/man1 X X.include <bsd.port.mk> END-of-./Makefile echo x - ./distinfo sed 's/^X//' >./distinfo << 'END-of-./distinfo' XMD5 (gwee-1.36.tar.gz) = 4e0c09fdc6a261e80bdba34aba1f9a29 XSIZE (gwee-1.36.tar.gz) = 313562 END-of-./distinfo echo x - ./pkg-descr sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr' Xgwee (Generic Web Exploitation Engine) is a small program written in C Xdesigned to exploit input validation vulnerabilities in web scripts, such as XPerl CGIs, PHP, etc. X Xgwee is much like an exploit, except more general-purpose. It features several Xreverse (connecting) shellcodes (x86 Linux, FreeBSD, NetBSD, Perl script (universal), XPython script (universal)), 4 methods of injecting (executing) them, Xbuilt-in http/https client and built-in server (listener) for receiving connections X(and remote shell) from injected shellcodes. X XWWW: http://tigerteam.se/dl/gwee/ END-of-./pkg-descr exit --- gwee.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505050509.j4559ltS058931>