69 matches found
Cacti cmd.php Multiple Parameter SQL Injection Arbitrary Command Execution
The remote host is running Cacti, a web-based front end to RRDTool for network graphing. The version of Cacti on the remote host does not properly check that the 'cmd.php' script is being run from the command line and fails to sanitize user-supplied input before using it in database...
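Cacti cmd.php Script Remote SQL Injection Vulnerability
Cacti is a round-robin database (RRD) tool that helps create graphs from database information and is available for multiple Linux distributions. Cacti's cmd.php script has an input validation vulnerability when handling user-submitted parameter data, which a remote attacker may exploit to carry out SQL injection attacks. The cmd.php script does not properly validate input from the URL, allowing an attacker to manipulate the database without authorization through SQL injection. A successful attack requires register_argc_argv to be enabled. In addition, the results of SQL queries in cmd.php are used as shell commands without filtering, which may allow injection of arbitrary shell commands. Cacti Cacti 0.8.6i. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version...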
CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...
Cacti 0.8.6i - cmd.php?popen() Remote Injection
Cacti 0.8.6i - cmd.php?popen Remote Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...
Cacti 0.8.6i - 'cmd.php?popen()' Remote Injection
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d...
Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit
Exploit for unknown platform in category web applications ======================================================== Cacti 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".deche...
Back-end0721.txt
/ Federico Fazzi, / Back-end = 0.7.2.1 jpcache.php Remote command execution / 08/06/2006 1:04 Bug: jpcache.php: line 40 --- $includedir = $PSL'classdir' . "/jpcache"; --- Proof of concept: Back-end has a default path pre-set in jpcache.php, and a cracker can execute a remote command...
phpfm.txt
upload phpshell in PHPFM discovered by rUnViRuS www.worlddefacers.net www.security-arab.com =-=-=-=-=-=-=-=-= the code shell :- --------------- save as cmd.php now upload in PHPFM =-=-=-= Used Shell =-=-=-= www.site.com/file upload name/files/cmd.php?cmd=command linux...