Message-Id: <20140827232126.D280BC00FD@smtp.hushmail.com>
Date: Thu, 28 Aug 2014 00:21:26 +0100
From: "Benjamin Harris" <bch@...h.ai>
To: fulldisclosure@...lists.org
Subject: [FD] Actual Analyzer Unauthenticated Command Execution

Hi All

URL: http://www.actualscripts.com/products/analyzer/

I tried to report this a month ago, but got no response from the  
developers via the support form on their website, requesting a GPG 
key. This is an old vulnerability I found while dusting off some 
old hard drives. 

The latest version is still vulnerable.

Brief:
-------------------------

The most popular web statistics tool delivers one big flat list 
with statistics for any website. It is very easy to use, but only 
for websites with a small number of pages. Besides, only the 
primary options for analysis of web site statistics are provided.


Details:
--------------------------

We control a limited number of characters in an eval(). Load the 
command into an unused variable and use backticks to execute it in 
the short space available. Attached is a PoC.

The prerequisite is that you must know the domain of a website 
being tracked by this script.

Many thanks,
Ben
Attachment: "release.py" (text/x-python, 1611 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
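The technique the post describes, shown on a constructed PHP sink as an added example. This is not Actual Analyzer's code and not the attached release.py; the vulnerableCounter() and safeCounter() functions, the unused $referer variable used for staging, the 24-character window and the harmless "echo" command are all assumptions made for illustration.

```php
<?php
// Added example (not Actual Analyzer code and not the poster's release.py):
// a CONSTRUCTED eval() sink with a short injection window, the staging
// trick the post describes, and a rewrite that needs no eval() at all.
// Run with: php eval_window.php
declare(strict_types=1);

// CONSTRUCTED vulnerable sink. The tracked domain is spliced into PHP source
// and eval()'d, but only $max characters of it survive (the "limited number
// of characters" of the post). $referer is a hypothetical value the script
// stores for a report it never produces: unused by the script, but it lives
// in this scope, so eval()'d code can read it.
function vulnerableCounter(string $domain, string $referer, array $counters, int $max = 24): array
{
    $domain = substr($domain, 0, $max);
    $code = '$counters["' . $domain . '"] = ($counters["' . $domain . '"] ?? 0) + 1;';
    eval($code);   // injection point: $domain is attacker-controlled
    return $counters;
}

// Hardened form: the domain is validated and then only ever used as an array
// key, so there is no generated code for an attacker to break out of.
function safeCounter(string $domain, array $counters): array
{
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^' . $label . '(?:\.' . $label . ')*$/i', $domain)) {
        throw new InvalidArgumentException('invalid domain');
    }
    $counters[$domain] = ($counters[$domain] ?? 0) + 1;
    return $counters;
}

// Normal use: a visit to a tracked domain bumps its counter.
$counters = ['example.com' => 3];
var_export(vulnerableCounter('example.com', 'https://example.org/', $counters));
echo "\n";

// Attack, following the post's recipe. The long part (the shell command)
// is staged in the unused $referer; the injected domain only has to close
// the string and the array index, then reference that variable inside
// backticks (PHP's shell_exec operator). 17 characters fit the 24-char window.
$referer = 'echo executed-via-backticks';    // attacker-controlled, no length limit
$payload = 'x"]=`$referer`;//';               // single-quoted: $referer stays literal here
// eval() now runs:  $counters["x"]=`$referer`;//"] = (...   (rest is commented out)
$result = vulnerableCounter($payload, $referer, $counters);
echo 'command output captured in $counters["x"]: ', trim((string) $result['x']), "\n";

// The same payload against the hardened version is rejected before any use.
try {
    safeCounter($payload, $counters);
} catch (InvalidArgumentException $e) {
    echo 'safeCounter: ', $e->getMessage(), "\n";
}
```

The point to take from the staging step: eval() runs in the enclosing scope, so any variable the script happens to hold, even one it never reads, is a free staging area for the long part of a payload, and a length limit on the injection point is not a defence. The only fix is to stop generating code from user input; if eval() cannot be removed, the interpolated value must be validated against a strict allowlist before it is spliced in.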
