JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...

phpBB 2.0.10 - Remote Command Execution (CGI)

!/usr/bin/perl wphpbb.cgi hack service: http://site/cgi-bin/wphpbb.cgi use CGI qw:standard; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $serv = $CGI-param"serv"; $dir = $CGI-param"dir"; $topic = $CGI-param"topic"; $cmd = $CGI-param"cmd"; print...

Bug in Eupload

Bug in Eupload ----------------- | By ZeroByte || [email protected] | | ICQ 98177781 | 1.1 - What is Eupload? Eupload, is an web utility used to facilitate the update of web sites by means of scripts CGI. This tool allows the ascent of files to the servant by means of an web interface. The...

Alibaba get32.exe Arbitrary Command Execution

The 'get32.exe' CGI script is installed on this machine. This CGI has a well known security flaw that allows an attacker to execute arbitrary commands on the remote system with the privileges of the HTTP daemon typically root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...