| Short Name | SCAN:MISC:HTTP:EDIT-ACCESS |
|---|---|
| Severity | Info |
| Recommended | No |
| Category | SCAN |
| Keywords | HTTP CGI Perl |
| Release Date | 2003/04/22 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects access to the edit.pl CGI script, a common target of vulnerability scanners.
FreeStats.com is a free service that allows users to track web statistics. When the attacker selects the "CLICK HERE TO EDIT YOUR USER PROFILE & COUNTER INFO" prompt, the system calls 'edit.pl', the output of which may then be saved to disk. The attacker then substitutes their own values into the saved HTML form and submits it from a web browser. By modifying a local copy of the form, a user can change which user's settings are being modified. An attacker may use this vulnerability to modify the settings of arbitrary FreeStats users, possibly causing a denial of service.