SCAN: Edit.pl Access

This signature detects access to the edit.pl CGI script, a common target of vulnerability scanners.

Extended Description

FreeStats.com is a free service that allows users to track web statistics. When the attacker selects the "CLICK HERE TO EDIT YOUR USER PROFILE & COUNTER INFO" prompt, the system calls 'edit.pl', the output of which may then be saved to the hard disk. The attacker then substitutes their own values into the saved HTML form and submits it from their web browser. By modifying a local copy of the form, the user can change which user's settings are being modified. An attacker may use this vulnerability to modify the settings of arbitrary FreeStats users, possibly causing a denial of service.

Affected Products

Freestats.com freestats

References

BugTraq: 2713

Short Name: SCAN:MISC:HTTP:EDIT-ACCESS
Severity: Info
Recommended: False
Recommended Action: None
Category: SCAN
Keywords: Access Edit.pl bid:2713
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Rarely
Vendors

Freestats.com
