Description - Multiple Vulnerabilities in PerlBlog
Multiple Vulnerabilities found in PerlBlog script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. Arbitrary file creation with user-defined data.
Vulnerable script: weblog.pl
User-defined POST variables are not properly sanitized. The "reply" parameter may contain an arbitrary filename. weblog.pl creates a file that includes the "name" and "body" parameter values.
System access is possible.
2. Directory traversal vulnerability.
Vulnerable script: weblog.pl
The input parameter "month" is not properly sanitized. This can be used to read arbitrary txt-files.
3. Cross-Site Scripting vulnerability.
Vulnerable script: weblog.pl
Post variables "name" and "email" are not properly sanitized. This can be used to post arbitrary HTML or JavaScript code.
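With no vendor fix available, the three issues above can be mitigated in front of the file and output code by allowlisting "month" and "reply" and encoding "name" and "email". The sketch below is an added example, not PerlBlog code; the data directory, the ".txt" suffix for both parameters, the parameter formats and the helper names are assumptions.

```perl
use strict;
use warnings;

# Assumed (hypothetical) data directory and parameter formats.
my $DATA_DIR = '/var/www/perlblog/data';
my %FORMAT = (
    month => qr/[0-9]{4}-[0-9]{2}/,   # assumed archive key, e.g. 2006-01
    reply => qr/[0-9]{1,10}/,         # assumed numeric post id
);

# Allowlist a request value that will become part of a file name.
# \A and \z anchor the whole string, so "..", "/" and a trailing newline
# all fail. Returns the matched value, or undef when it does not fit.
sub safe_token {
    my ($field, $value) = @_;
    my $re = $FORMAT{$field};
    return undef unless defined $value && defined $re;
    return $value =~ /\A($re)\z/ ? $1 : undef;
}

# Directory and extension are chosen by the server; the client only
# supplies the validated token.
sub data_path {
    my ($token) = @_;
    return "$DATA_DIR/$token.txt";
}

# Encode text before it is stored in or echoed into an HTML page.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Constructed sample request values, not taken from a real request.
my %param = (
    month => '../../../home/user/notes',
    reply => '../../x.cgi',
    name  => '<script>alert(1)</script>',
    email => 'a@example.com"><b>',
);

for my $field (qw(month reply)) {
    my $token = safe_token($field, $param{$field});
    print "$field: ", defined $token ? data_path($token) : 'rejected', "\n";
}
print "$_: ", html_escape($param{$_}), "\n" for qw(name email);
print 'month ok: ', data_path(safe_token('month', '2006-01')), "\n";
```

The "body" value written to the post file should pass through the same encoding as "name" and "email" before it is stored or displayed.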


