Exploit Super Site Searcher - Remote Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21768
Проверка EDB
  1. Пройдено
Автор
LUCA.ERCOLI
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2002-2420
Дата публикации
2002-09-03
Код:
source: https://www.securityfocus.com/bid/5605/info

Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are then used in a function which passes commands directly through the shell.

A remote attacker may exploit this condition to execute arbitrary commands on the shell with the privileges of the webserver process.

Simple Site Searcher, released by the same vendor, is also prone to this issue. 

http://target/searchenginepath/site_searcher.cgi?page=|command|
 
Источник
www.exploit-db.com

Похожие темы