Vulnerability details:

ActivePerl findtar Sample Script Remote Command Execution

Record created 2002-09-12 16:02:08, last updated 2008-03-02 23:46:57

ActiveState Perl contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the example script 'findtar' not properly sanitizing user input, which may allow an attacker to execute arbitrary commands on the affected web server. For this to be exploitable, the web server must also be vulnerable to a directory traversal attack or have the 'findtar' script present in the web root. Other scripts are affected, but they are unspecified.

http://[target]/."./."./Perl/eg/core/findtar+&+echo+hacked+>+c:\InetPub\wwwroot\hacked.html+&+.pl
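
A log check for the request pattern this record describes, as an added example that is not part of the original record: it normalizes each request path (percent-encoding, backslashes, and the quoted dot-dot form seen in the sample URL) and flags hits on the '/Perl/eg/' sample tree, parent-directory segments, and shell metacharacters in the path. The simplified log format, the function names and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Ordered (finding, pattern) pairs applied to the normalized request path.
CHECKS = [
    ("sample-script", re.compile(r"/perl/eg/", re.I)),   # sample tree named in the record
    ("traversal", re.compile(r"(?:^|/)\.\.(?:/|$)")),     # a real parent-directory segment
    ("shell-metachar", re.compile(r"[&|<>]")),            # cmd.exe separators, redirection
]


def normalize_path(target: str) -> str:
    """Return the path part of a request target with its disguises removed."""
    path = target.split("?", 1)[0]      # '&' inside a query string is legitimate
    prev = None
    while prev != path:                 # decode until stable (nested percent-encoding)
        prev, path = path, unquote(path)
    # Backslash as separator, quotes inside dot-dot ('."./'), '+' standing for space.
    return path.replace("\\", "/").replace('"', "").replace("+", " ")


def classify(target: str) -> list[str]:
    """List the findings for one request target; an empty list means clean."""
    path = normalize_path(target)
    return [name for name, pattern in CHECKS if pattern.search(path)]


def scan(lines):
    """Yield (client, target, findings) for flagged '<ip> <method> <target> <status>' lines."""
    for line in lines:
        client, _method, target, _status = line.split()
        findings = classify(target)
        if findings:
            yield client, target, findings


# Constructed log lines; the third reuses the request shown in the record.
SAMPLE_LOG = [
    "192.0.2.10 GET /index.html 200",
    "192.0.2.10 GET /search.pl?q=perl&page=2 200",
    r'198.51.100.7 GET /."./."./Perl/eg/core/findtar+&+echo+hacked+>+c:\InetPub\wwwroot\hacked.html+&+.pl 200',
    "198.51.100.7 GET /%2e%2e/%2e%2e/perl/eg/core/findtar 404",
    "203.0.113.5 GET /Perl/eg/core/findtar 200",
]

if __name__ == "__main__":
    for client, target, findings in scan(SAMPLE_LOG):
        print(client, ",".join(findings), target)
```

A plain hit on the sample tree with no other finding still matters here, because the record lists the script being reachable under the web root as one of the two preconditions.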

Affected: ActiveState 5.005xx, ActiveState 5.6.2, ActiveState 5.6.1, ActiveState 5.6.0
Attack Type: Input Manipulation (XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding)
Discovered: 2000-12-07 07:00:00
Disclosure: OSVDB Verified
Confirmed: 2000-12-07 07:00:00
Exploit: Exploit Public
Exploit discovered: 2000-12-07 07:00:00
Impact: Loss of Integrity. Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
Location: Remote / Network Access. If network access is required and exploit can be done remotely.
OSVDB: Web Related. The vulnerability is a web issue and will have an associated security check.

External refs: OSVDB 826