header-logo
Suggest Exploit
vendor:
PerlDesk
by:
Unknown
7.5
CVSS
HIGH
Server-side script execution
CWE
Product Name: PerlDesk
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

PerlDesk server-side script execution vulnerability

The vulnerability allows an attacker to execute the contents of Perl scripts on the affected server's filesystem. This can be done by manipulating the 'lang' parameter in the pdesk.cgi script. The execution occurs within the context of the affected CGI application with the privileges of the web server process. If the attacker does not have direct access to the server, they can still exploit the vulnerability to gather sensitive information through error messages. Additionally, the attacker can leverage the vulnerability to execute other preexisting scripts on the system, potentially aiding them in further attacks.

Mitigation:

The vendor has not provided a patch or mitigation steps. However, it is recommended to restrict access to the affected server and implement appropriate security measures to prevent unauthorized access.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11160/info

It is reported that PerlDesk is susceptible to a server-side script execution vulnerability.

This vulnerability may be exploited to execute the contents of Perl scripts contained on the affected server filesystem. This will execute script code in the context of the affected CGI application, typically with the privileges of the web server process.

If a remote attacker does not have access to the affected server in a manner sufficient to place malicious a Perl script to exploit this vulnerability, they may still exploit it for information disclosure purposes. Error messages that will reportedly be displayed when PerlDesk attempts to include files requested by the attacker may contain potentially sensitive information. With sufficient knowledge of the affected system, an attacker may also cause other preexisting scripts to be executed that may also aid them in further attacks.

This vulnerability may aid the attacker in further application, or system attacks.

Http://www.example.com/cgi-bin/pdesk.cgi?lang=h4x0rs%20Rul3z
Http://www.example.com/cgi-bin/pdesk.cgi?lang=../../../../../../../proc/version%00

Navigation

Suggest Exploit

Services By CQR