Marcus Xenakis directory.php Shell Command Execution Vulnerability

The directory.php script provides a web interface for directory listings, similar to the 'ls' command. An issue exists in this script which could allow a user to execute arbitrary shell commands. This is achieved by including metacharacters such as ; or | in the script's input. Shell commands will execute with the permissions of the script process, often a non-privileged user 'nobody'.


 

Privacy Statement
Copyright 2010, SecurityFocus