Miyabi CGI Tools 1.02 - 'index.pl' Remote Command Execution

EDB-ID:

34223




Platform:

CGI

Date:

2010-06-29


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/41228/info

Miyabi CGI Tools is prone to a vulnerability that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

Miyabi CGI Tools 1.02 is vulnerable; other versions may also be affected.

http://www.example.com/index.pl?mode=html&fn=|uname%20-a|