Snoopy 0.9x1.01.2 - Arbitrary Command Execution

2005-10-26T00:00:00
ID EXPLOITPACK:61EB14ACF6BD1140D47FB66F7FBB7990
Type exploitpack
Reporter D. Fabian
Modified 2005-10-26T00:00:00

Description

Snoopy 0.9x1.01.2 - Arbitrary Command Execution

                                        
                                            source: https://www.securityfocus.com/bid/15213/info

Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input.

This issue may facilitate unauthorized remote access to the application in the context of the webserver. 


https://www.%22;+echo+'hello'+%3E+test.txt

Passing this URI to a script that uses a vulnerable version of Snoopy will result in a file called 'test.txt' containing 'hello'.