oss-sec mailing list archives
Re: RCE, XSS and HTTP header injection in fli4l web interface
From: Felix Eckhofer <felix () tribut de>
Date: Sun, 01 Feb 2015 14:42:20 +0100
Hey.
On 01.02.2015 04:05, cve-assign () mitre org wrote:
> For the "execute arbitrary programs" issues, can you provide specific names for the vulnerability types, or any equivalent information? Examples of vulnerability types can be found on the https://www.owasp.org/index.php/Category:Vulnerability and http://cwe.mitre.org web sites.

Thank you for your response and sorry for the inaccurate description. In both cases user-supplied strings are used in an expression which is later passed to /bin/sh's eval. So I would classify both as Command Injection (https://www.owasp.org/index.php/Command_Injection).
Best Regards
felix
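
The pattern named in the message above (a user-supplied string placed in an expression that /bin/sh's eval then re-parses), shown beside a hardened form. This is an added example, not part of the original message and not fli4l's code; the function names, the `FORM_` prefix and the sample value are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed illustration; all names here are hypothetical.

# Vulnerable pattern: the value is pasted into the string that eval parses,
# so any shell syntax inside the value is executed as code.
set_field_unsafe() {
    # $1 = field name chosen by the script, $2 = user-supplied value
    eval "FORM_$1=$2"
}

# Hardened form: the field name is restricted to identifier characters and
# eval only ever sees the literal text "$2". The value is expanded as data
# on the right-hand side of an assignment and is never re-parsed.
set_field_safe() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;   # reject names that are not identifiers
    esac
    eval "FORM_$1=\$2"
}

# Returns 0 if the given setter executed the constructed value as shell code.
# Runs in a subshell so the marker variable cannot leak into the caller.
was_injected() {
    (
        unset MARKER
        # Constructed sample input: a harmless assignment stands in for a command.
        "$1" host 'router1; MARKER=executed' || exit 2
        [ "${MARKER:-}" = executed ]
    )
}

for setter in set_field_unsafe set_field_safe; do
    if was_injected "$setter"; then
        echo "$setter: value was executed as shell code"
    else
        echo "$setter: value was stored as data"
    fi
done
```
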