info
discussion
exploit
solution
references
iWare Professional Remote Code Execution Vulnerability
An exploit is not required.
The following proof of concept is available:
http://www.example.com/[path]/admin/mods/simplechat_1.0.0/chat_panel.php?talk=1&msg=[evilcode]
Privacy Statement
Copyright 2010, SecurityFocus
