5/23/2023 0 Comments Goahead web server update![]() An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. A successful attack can lead to arbitrary code execution under the security context of the server process Extended DescriptionĮmbedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. ![]() This signature detects attempts to exploit a known vulnerability against EmbedThis GoAhead Web Server. HTTP: EmbedThis GoAhead Web Server Remote Code Execution The GoAhead Web Server is available as an open source. GoAhead Web Server Directory Traversal and Cross-Site. Super(updateinfo(info, 'Name' >'GoAhead Web Server LDPRELOAD Arbitrary Module Load'. EmbedThis GoAhead Web Server Remote Code Execution
0 Comments
Leave a Reply. |