From owner-freebsd-ports-bugs@FreeBSD.ORG Thu May 5 05:10:01 2005 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A96716A4CE for ; Thu, 5 May 2005 05:10:01 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3993C43D2D for ; Thu, 5 May 2005 05:10:01 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j455A1sV025977 for ; Thu, 5 May 2005 05:10:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j455A1Pl025976; Thu, 5 May 2005 05:10:01 GMT (envelope-from gnats) Resent-Date: Thu, 5 May 2005 05:10:01 GMT Resent-Message-Id: <200505050510.j455A1Pl025976@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, chinsan Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7276B16A4CE for ; Thu, 5 May 2005 05:09:46 +0000 (GMT) Received: from chinsan.twbbs.org (sw169-31-180.adsl.seed.net.tw [221.169.31.180]) by mx1.FreeBSD.org (Postfix) with ESMTP id 47DE143DAB for ; Thu, 5 May 2005 05:09:45 +0000 (GMT) (envelope-from root@chinsan.twbbs.org) Received: from chinsan.twbbs.org (localhost [127.0.0.1]) by chinsan.twbbs.org (8.13.1/8.13.1) with ESMTP id j4559mLr058932 for ; Thu, 5 May 2005 13:09:48 +0800 (CST) (envelope-from root@chinsan.twbbs.org) Received: (from root@localhost) by chinsan.twbbs.org (8.13.1/8.13.1/Submit) id j4559ltS058931; Thu, 5 May 2005 13:09:47 +0800 (CST) (envelope-from root) Message-Id: <200505050509.j4559ltS058931@chinsan.twbbs.org> Date: Thu, 5 May 2005 13:09:47 +0800 (CST) From: chinsan To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/80639: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: chinsan List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 May 2005 05:10:01 -0000 >Number: 80639 >Category: ports >Synopsis: [NEW PORT] www/gwee: Tool to exploit command execution vulnerabilities in web scripts >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu May 05 05:10:00 GMT 2005 >Closed-Date: >Last-Modified: >Originator: chinsan >Release: FreeBSD 5.3-RELEASE i386 >Organization: >Environment: System: FreeBSD chinsan.twbbs.org 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: gwee (Generic Web Exploitation Engine) is a small program written in C designed to exploit input validation vulnerabilities in web scripts, such as Perl CGIs, PHP, etc. WWW: http://tigerteam.se/dl/gwee/ >How-To-Repeat: # mkdir /usr/ports/www/gwee ; cd /usr/ports/www/gwee # sh gwee.shar # make install clean >Fix: --- gwee.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # . # ./Makefile # ./distinfo # ./pkg-descr # echo c - . mkdir -p . > /dev/null 2>&1 echo x - ./Makefile sed 's/^X//' >./Makefile << 'END-of-./Makefile' X# New ports collection makefile for: gwee X# Date created: 2005-05-04 X# Whom: chinsan X# X# $FreeBSD$ X# X XPORTNAME= gwee XPORTVERSION= 1.36 XCATEGORIES= www security XMASTER_SITES= http://tigerteam.se/dl/gwee/ X XMAINTAINER= ports@FreeBSD.org XCOMMENT= Tool to exploit command execution vulnerabilities in web scripts X XRUN_DEPENDS= ${PYTHON_CMD}:${PORTSDIR}/lang/python X XUSE_OPENSSL= yes XUSE_PERL5= yes X XMAKE_ARGS= unix XALL_TARGET= ${PORTNAME} XMAN1= ${PORTNAME}.1 X XPLIST_FILES= bin/${PORTNAME} X Xdo-install: X ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin X ${INSTALL_MAN} ${WRKSRC}/${PORTNAME}.1 ${MANPREFIX}/man/man1 X X.include END-of-./Makefile echo x - ./distinfo sed 's/^X//' >./distinfo << 'END-of-./distinfo' XMD5 (gwee-1.36.tar.gz) = 4e0c09fdc6a261e80bdba34aba1f9a29 XSIZE (gwee-1.36.tar.gz) = 313562 END-of-./distinfo echo x - ./pkg-descr sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr' Xgwee (Generic Web Exploitation Engine) is a small program written in C Xdesigned to exploit input validation vulnerabilities in web scripts, such as XPerl CGIs, PHP, etc. X Xgwee is much like an exploit, except more general-purpose. It features several Xreverse (connecting) shellcodes (x86 Linux, FreeBSD, NetBSD, Perl script (universal), XPython script (universal)), 4 methods of injecting (executing) them, Xbuilt-in http/https client and built-in server (listener) for receiving connections X(and remote shell) from injected shellcodes. X XWWW: http://tigerteam.se/dl/gwee/ END-of-./pkg-descr exit --- gwee.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted: