The writeup details an unauthenticated RCE vulnerability in Clickheat 1.13+ due to unsanitized input in the `parseClickLogs.pl` script, allowing command injection via pipe symbols in the `srcFile` parameter. The exploit leverages Perl's `open()` function to execute arbitrary commands when the script is accessed via a URL.
Classification
Writeup 95%
Target:
Clickheat 1.13+
No auth needed
Prerequisites:
Apache with Perl CGI support · ExecCGI directive enabled · Publicly accessible `parseClickLogs.pl` script