Full Disclosure mailing list archives
Actual Analyzer Unauthenticated Command Execution
From: "Benjamin Harris" <bch () hush ai>
Date: Thu, 28 Aug 2014 00:21:26 +0100
Hi All

URL: http://www.actualscripts.com/products/analyzer/

I tried to report this a month ago, but got no response from the developers via the support form on their website, requesting a GPG key. This is an old vulnerability I found while dusting off some old hard drives. The latest version is still vulnerable.

Brief:
-------------------------
The most popular web statistics tool delivers one big flat list with statistics for any website. It is very easy to use, but for websites with a small number of pages only. Besides that, only the primary options for analysis of web site statistics are provided.

Details:
--------------------------
We control limited characters of an eval. Load commands into an unused variable and use backticks to execute the command in the short space available. Attached is a POC. Pre-reqs are that you must know the domain of a website being tracked by this script.

Many thanks,
Ben
Attachment:
release.py
Description:
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
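The bug class in the post is untrusted input reaching an eval. Two defensive controls follow as an added example; this is not code from the post, its attached release.py, or the Actual Analyzer product. It assumes the tracked domain arrives as a query parameter (the parameter name `domain`, the script path and the access-log lines are all constructed for illustration): a strict hostname allow-list that refuses any value carrying eval or shell metacharacters, and a scanner that runs the same check over web-server log lines so that injection attempts against a PHP stats script of this kind can be spotted after the fact.

```python
"""
Added example (not from the Full Disclosure post or the Actual Analyzer code).
Shows (1) an allow-list validator for a tracked-domain value, so that nothing
but a plain dotted hostname can ever reach an eval() or a shell, and (2) a
scanner that flags access-log requests whose query values carry characters a
hostname never legitimately contains. Parameter name, path and log lines are
constructed assumptions, not taken from the product.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# RFC 1035-style hostname: dot-separated labels of letters, digits and
# hyphens, no leading or trailing hyphen, at most 253 characters overall.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")

# Characters meaningful to PHP eval() or to a shell (backticks, quotes,
# braces, semicolons, dollar, pipes, redirects) that never appear in a hostname.
_SUSPICIOUS = re.compile(r"[`'\"$;(){}|&<>\\]")

# Query parameters that are expected to hold a hostname (assumed name).
DOMAIN_PARAMS = {"domain"}

# Pulls the request target out of an Apache combined-format log line.
_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def is_valid_domain(value):
    """Allow-list check: True only for a syntactically plain hostname."""
    if not value or len(value) > 253:
        return False
    return _HOSTNAME_RE.match(value) is not None


def flag_request(target):
    """Return (param, value, reason) for each query parameter that carries
    metacharacters, or that is a domain field but not a valid hostname."""
    findings = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if _SUSPICIOUS.search(value):
            findings.append((name, value, "metacharacters"))
        elif name in DOMAIN_PARAMS and not is_valid_domain(value):
            findings.append((name, value, "not a hostname"))
    return findings


def scan_log(lines):
    """Run flag_request over each log line; return (lineno, param, value, reason)."""
    flagged = []
    for lineno, line in enumerate(lines, 1):
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        for name, value, reason in flag_request(match.group(1)):
            flagged.append((lineno, name, value, reason))
    return flagged


# Constructed sample access-log lines; the payload shapes only mirror the
# post's description (backticks, interpolation syntax) with placeholder text.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Aug/2014:00:21:26 +0100] "GET /analyzer/stats.php?domain=example.com HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Aug/2014:00:22:01 +0100] "GET /analyzer/stats.php?domain=example.com%60cmd%60 HTTP/1.1" 200 640',
    '203.0.113.9 - - [28/Aug/2014:00:22:40 +0100] "GET /analyzer/stats.php?domain=ex%24%7Bx%7D.com HTTP/1.1" 500 0',
    '198.51.100.2 - - [28/Aug/2014:00:23:10 +0100] "GET /analyzer/index.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [28/Aug/2014:00:23:55 +0100] "GET /analyzer/stats.php?domain=example..com HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for lineno, name, value, reason in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {name}={value!r} ({reason})")
```

The validator is the fix a maintainer would apply: reject anything that is not a hostname before the value is used at all, rather than trying to escape it on the way into eval. The scanner is the same allow-list applied retrospectively, so a run over real logs would list the requests worth investigating; it is deliberately strict, and a legitimate value with an unusual character will show up as a finding rather than be missed.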
Current thread:
- Actual Analyzer Unauthenticated Command Execution Benjamin Harris (Aug 27)