Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution Vulnerability

2005-10-26T00:00:00
ID EDB-ID:26424
Type exploitdb
Reporter D. Fabian
Modified 2005-10-26T00:00:00

Description

Snoopy 0.9x/1.0/1.2 Arbitrary Command Execution Vulnerability. CVE-2005-3330 . Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/15213/info

Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

This issue may facilitate unauthorized remote access to the application in the context of the webserver. 


https://www.%22;+echo+'hello'+%3E+test.txt

Passing this URI to a script that uses a vulnerable version of Snoopy will result in a file called 'test.txt' containing 'hello'.