Wordit Logbook 098b3 Logbook.pl Remote Command Execution Vulnerability

2003-03-07T00:00:00
ID EDB-ID:22337
Type exploitdb
Reporter Aleksey Sintsov
Modified 2003-03-07T00:00:00

Description

Wordit Logbook 098b3 Logbook.pl Remote Command Execution Vulnerability. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/7043/info

A remote command execution vulnerability has been discovered in the Wordit Logbook application. This issue occurs due to insufficient sanitization of externally supplied data to the 'logbook.pl' script.

A remote attacker may exploit this condition to gain local, interactive access to the underlying host.

This vulnerability was reported to affect Wordit Logbook version 098b3 previous versions may also be affected.

www.example.com/logbook.pl?file=../../../../../../../bin/cat%20logbook.pl%00|