____ ____ __ __ / \ / \ | | | | ----====####/ /\__\##/ /\ \##| |##| |####====---- | | | |__| | | | | | | | ___ | __ | | | | | ------======######\ \/ /#| |##| |#| |##| |######======------ \____/ |__| |__| \______/ Computer Academic Underground http://www.caughq.org Security Advisory ===============/======================================================== Advisory ID: CAU-1998-0004 Release Date: 1998.05.27 Title: GTE Cybercenter - Software Restrictions Subversion Application/OS: GTE Cybercenter Kiosk Interface Software for Windows 95 Topic: Complete Access to Windows 95 is possible using a few simple techniques. Vendor Status: Unreachable Attributes: Access Control Subversion Advisory URL: http://www.caughq.org/advisories/CAU-1998-0004.txt Author/Email: I)ruid (druid@caughq.org) int3l (int3l@caughq.org) ===============/======================================================== Problem ------- The GTE Cybercenter's Software Program is designed to allow users to swipe their credit card to use services provided such as web browsing, email checking, telnet, etc. This software does not allow the user to access anything on the computer system outside it's limited menu of options. Complete access to the OS, BIOS, and all system software is possible by using a few simple techniques such as a DoS attack and CGI. Example ------- An example can be found at: http://www.caughq.org/~druid/GTE_cybercenters.txt Technical Explanation --------------------- Details can be found at: http://www.caughq.org/~druid/GTE_cybercenters.txt Solution -------- There is no solution at this time. How To Exploit -------------- Exploit information can be found at: http://www.caughq.org/~druid/GTE_cybercenters.txt