The RNN Guestbook version 1.2 has multitudes of vulnerabilities. They range from allowing a remote attacker to execute commands to the ability to achieve full administrative access without authentication. Full descriptions and exploitation enclosed.
bbc07675f04461c29b805cfaf9019fee859075f88d1bcbb7eef350c4e27c9d74The TRACKtheCLICK script is vulnerable to an injection attack due to the User-Agent and Referer variables not being filtered in click.cgi, allowing a malicious attacker to spoof incorrect information and when admin.cgi is opened, the injected code will be executed by the victim's browser.
1aaaed1d3addfb60459fea9d4ac3a4bcb3f996fedc2ddabc1ff833147a5a8a84
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed