eping.txt

Date: 21 Jun 2005 | Reported by: RedC0de.org | Type: packetstorm | Source: packetstormsecurity.com

Arbitrary code execution in eping plugin in e107 portal system, allowing remote attackers to execute arbitrary commands and access sensitive files.

Code
`www.RedC0de.org found the following error in eping:  
  
Details  
-------  
Advisory name: Arbitrary code execution in eping plugin  
Advisory number: 1  
Application: eping  
Application author: apnovi3  
Security-Risk: high - very high  
Remote-Exploit: Yes  
Discovered by: m00fd1 aka Tr|p  
  
Introduction  
------------  
Eping is a simple PHP script that executes the ping command;  
it is a plugin for the e107 portal system.  
Unfortunately, a bug allows users to execute arbitrary commands.  
  
More details  
------------  
The problem is based upon the fact that not all user inputs are filtered  
correctly. Variable $eping_host is not filtered using preg_replace.  
  
Proof of concept  
----------------  
You must put the evil code in the $eping_host variable...  
Example: ?eping_host=127.0.0.1;ls...  
?eping_host=127.0.0.1;cd%20/;cat%20/etc/passwd...  
  
Security-Risk  
-------------  
Because an attacker is able to execute any php command, he is able to  
read all files including .htaccess or .htpasswd files or any password  
protected pages. Depending on system security he might be able to run  
any shell command on the server. That is why we are rating this security  
issue as high - very high.  
`
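
The missing filter described under "More details", shown as an added example (this is not the eping plugin's source, which the advisory does not quote). The function names and the `ping -c 4` command line are assumptions; the sample inputs are constructed from the advisory's own proof-of-concept values, URL-decoded. Nothing is executed: the script only prints the command string each approach would hand to the shell.

```php
<?php
// Added illustration; function names are hypothetical, not taken from eping.

// Constructed "before" pattern: the request value is concatenated
// straight into a shell command line with no filtering.
function ping_command_unfiltered(string $host): string
{
    return 'ping -c 4 ' . $host;
}

// Hardened form: allowlist validation first, shell quoting as a second layer.
// Returns null when the value is neither an IP address nor a hostname.
function ping_command_validated(string $host): ?string
{
    $host = trim($host);
    $isIp = filter_var($host, FILTER_VALIDATE_IP) !== false;
    // Hostname: dot-separated labels of letters, digits and inner hyphens.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    $isName = strlen($host) <= 253
        && preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $host) === 1;
    if (!$isIp && !$isName) {
        return null;
    }
    return 'ping -c 4 ' . escapeshellarg($host);
}

// Constructed sample inputs: two legitimate values and the advisory's two
// proof-of-concept values after URL decoding.
$samples = [
    '127.0.0.1',
    'example.org',
    '127.0.0.1;ls',
    '127.0.0.1;cd /;cat /etc/passwd',
];

foreach ($samples as $value) {
    $safe = ping_command_validated($value);
    printf(
        "input:      %s\nunfiltered: %s\nvalidated:  %s\n\n",
        $value,
        ping_command_unfiltered($value),
        $safe === null ? '(rejected)' : $safe
    );
}
```

For the two proof-of-concept values the unfiltered string contains a `;` that the shell treats as a command separator, while the validated path rejects them before any command line is built.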
