source: http://www.securityfocus.com/bid/3985/info
Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms.
The search.cgi script included with the AHG Search Engine does not adequately filter input. Because of this lack of input sanitization, a remote user can pass semicolon (;) and pipe (|) characters through a search request, and any command placed between those characters is executed with the privileges of the web server.
http://www.example.com/cgi-bin/publisher/search.cgi?dir=jobs&template=;ls|&output_number=10
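The defensive counterpart to the advisory above, as an added example that is not part of the advisory or of AHG's code: an allowlist validator for the `dir`, `template` and `output_number` parameters, and a retrospective check that flags access-log entries for search.cgi whose decoded parameter values contain shell metacharacters. The allowlist pattern, the parameter names beyond those shown in the request, and the log lines are all assumed or constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Assumed allowlist (not from the advisory): dir/template names are short tokens
# of letters, digits, '_' and '-', which can never carry a shell command.
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")
# The ';' and '|' the advisory names, plus other metacharacters a shell honours.
SHELL_META = re.compile(r"[;|&`$<>\n]")

def parse_query(query):
    """Split a raw query string into a dict, decoding %XX escapes and '+'."""
    params = {}
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params[unquote_plus(name)] = unquote_plus(value)
    return params

def validate_search_params(query):
    """Return the parameters of a search.cgi request only if every value
    passes its allowlist; raise ValueError otherwise (fail closed)."""
    params = parse_query(query)
    for name in ("dir", "template"):
        if name in params and not SAFE_TOKEN.fullmatch(params[name]):
            raise ValueError(f"rejected {name}={params[name]!r}")
    if "output_number" in params and not params["output_number"].isdigit():
        raise ValueError("output_number must be a positive integer")
    return params

def flag_suspicious_requests(log_lines):
    """Return access-log lines for search.cgi in which any URL-decoded
    parameter value contains a shell metacharacter."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m or "search.cgi" not in m.group(1):
            continue
        values = parse_query(urlsplit(m.group(1)).query).values()
        if any(SHELL_META.search(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample access-log lines (not from the advisory).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2002:10:00:00 +0000] "GET /cgi-bin/publisher/search.cgi?dir=jobs&template=default&output_number=10 HTTP/1.0" 200 512',
    '10.0.0.9 - - [01/Feb/2002:10:00:07 +0000] "GET /cgi-bin/publisher/search.cgi?dir=jobs&template=%3Bls%7C&output_number=10 HTTP/1.0" 200 2048',
    '10.0.0.7 - - [01/Feb/2002:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 1024',
]
```

Validation rejects the advisory's request because the decoded `template` value is not a plain token, and the log check flags the same request even when the metacharacters arrive percent-encoded.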