Leif Wright Web Blog Arbitrary Command Execution

2004-01-29T09:27:29
ID OSVDB:3793
Type osvdb
Reporter OSVDB
Modified 2004-01-29T09:27:29

Description

Vulnerability Description

Web Blog contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when a specially crafted URL is sent to the server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://www.example.com/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=|command|
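
With no patch or workaround available, the request shape in the testing note above can be matched in web server access logs. The following Python is an added example, not part of the OSVDB entry or the vendor's code; it assumes Common/Combined Log Format access logs, and the sample log lines, addresses and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded pipes (%257C) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_param(log_line):
    """Return the decoded `file` value of a blog.cgi ViewFile request if it contains '|'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/blog.cgi"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    if "ViewFile" not in params.get("submit", []):
        return None
    for raw in params.get("file", []):
        value = decode_fully(raw)
        if "|" in value:
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_file_value) for every matching log line."""
    checked = ((n, suspicious_file_param(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Jan/2004:09:30:01 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=entry1.txt HTTP/1.0" 200 5120',
    '192.0.2.44 - - [29/Jan/2004:09:31:12 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=|command| HTTP/1.0" 200 312',
    '192.0.2.44 - - [29/Jan/2004:09:31:40 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=%7Ccommand%7C HTTP/1.0" 200 312',
    '192.0.2.44 - - [29/Jan/2004:09:32:05 +0000] "GET /directory/blog.cgi?submit=ViewFile&month=01&year=2004&file=%257Ccommand%257C HTTP/1.0" 200 312',
    '192.0.2.77 - - [29/Jan/2004:09:33:00 +0000] "GET /index.html?file=|x| HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Lines 2 to 4 of the sample are flagged, covering the raw, percent-encoded and double-encoded pipe; the benign ViewFile request and the unrelated path are not.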

References:

Vendor URL: http://leifwright.com
Secunia Advisory ID: 10776
Other Advisory URL: http://www.securityfocus.com/archive/1/352303
ISS X-Force ID: 15019
CVE-2004-2347
Bugtraq ID: 9539