GESEC Team discovered some remote vulnerabilities on US Marine Corps Website. A remote attacker is able to include malicious routines which can be execute against customers on server-side.  The inputs on PATH are not validated/parsed and an attacker could include malicious code/scripts which can be combined with other functions in the CMS. The result is a code exectuion(server-side) based on  the application.

Weiterlesen »