Vulnerabilities в FtpLocate

Здравствуйте 3APA3A! Сообщаю вам о найденных мною 12.10.2006 Cross-Site Scripting уязвимостях в FtpLocate - движке поиска по ftp серверам. Уязвимости в скрипте flsearch.pl в параметрах all, query, nounix, sizemin, sizemax, sizeunit и sizebytes. XSS:...

CVE-2005-2420

flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request...

CVE-2005-2420

CVE-2005-2420 affects FtpLocate 2.02 (flsearch.pl) and allows remote command execution by injecting shell metacharacters through HTTP GET. Connected Nessus plugin NASL confirms a remote file inclusion style input manipulation via the fsite parameter, enabling arbitrary command execution on the af...

FtpLocate <= 2.02 (current) Remote Command Execution Exploit

Exploit for cgi platform in category web applications ============================================================ FtpLocate newPeerAddr = $host, PeerPort = 80, Proto = "tcp" or die "socket: "; sub ch2hex $chr = $0; $out=""; for$i=0;$i; print "remote file: "; chomp$rfile = ; my $socket =...