module
Matt Wright guestbook.pl Arbitrary Command Execution
| Disclosed | Created |
|---|---|
| Nov 5, 1999 | May 30, 2018 |
Disclosed
Nov 5, 1999
Created
May 30, 2018
Description
The Matt Wright guestbook.pl a flaw that may allow arbitrary command execution. The vulnerability
requires that HTML posting is enabled in the guestbook.pl script, and
that the web server must have the Server-Side Include (SSI) script
handler enabled for the '.html' file type. By combining the script
weakness with non-default server configuration, it is possible to exploit
this vulnerability successfully.
requires that HTML posting is enabled in the guestbook.pl script, and
that the web server must have the Server-Side Include (SSI) script
handler enabled for the '.html' file type. By combining the script
weakness with non-default server configuration, it is possible to exploit
this vulnerability successfully.
Author
aushack [email protected]
Platform
Linux,Unix,Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.