Actual Analyzer Unauthenticated Command Execution

["Benjamin Harris" <bch () hush ai>]

Hi All

URL: http://www.actualscripts.com/products/analyzer/

I tried to report this a month ago, but got no response from the  
developers via the support form on their website, requesting a GPG 
key. This is an old vulnerability I found while dusting off some 
old hard drives. 

Latest still vulnerable.

Brief:
-------------------------

The most popular web statistics tools delivers one big flat list 
with statistics for any website. It is very easy in use but for 
websites with small amount of pages only. Besides are provided the 
primary opportunities for analyses of web site statistics only.


Details:
--------------------------

We control limited characters of an eval. Load commands into unused 
variable and use backticks to execute command in short space. 
Attached is a POC.

Pre-reqs are that you must know the domain of a website being 
tracked by this script.

Many thanks,
Ben

Attachment: release.py
Description:

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/