107 matches found
Information disclosure
PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...
PHP多个函数绕过safe_mode安全限制漏洞
BUGTRAQ ID: 35435 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 在安全模式下,PHP没有禁用exec、system、passthru和popen这四个函数,只是在 safemodeexecdir目录下执行。但当safemode=on且safemodeexecdir为空时(默认),PHP在处理这一过程中存在安全隐患,在windows下exec/system/passthru可以通过引入“\”来执行程序。 以exec函数为例分析源码: // exec.c PHPFUNCTIONexec...
PHP 5.2.10 safe_mode Bypass
PHP safemode bypass with exec/system/passthru Once again php public new version :php5.2.10 ,and it fix lots of bugs, like this : Bug 45997safemode bypass with exec/system/passthru incorrect fix php5.2.10 ... b = strrchrcmd, PHPDIRSEPARATOR; ifdef PHPWIN32 if b && b == '\' && b == cmd...
eLitius 1.0 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ============================================ eLitius 1.0 Remote Command Execution Exploit ============================================ ============================================================================== eLitius v1.0 Remote Comma...
pPIM 1.01 (notes.php id) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ========================================================= pPIM 1.01 notes.php id Remote Command Execution Exploit ========================================================= !/usr/bin/perl pPIM 1.01 notes.php id Remote Command Execution...
SUMON <= 0.7.0 (chg.php host) Command Execution Vulnerability
Exploit for unknown platform in category web applications ============================================================= SUMON /tmp/dupa; Bug: ./sumon-0.7.0/server/www/chg.php lines: 32-25, 99 ... if arraykeyexists"host",$GET $host = $GET"host"; ... passthru"$bindir/chmgmtinfobuilder.pl --html...
fspgb-exec.txt
| | | \ \ \ / / / \ / | / | / | | | | | | \ V / / \ | | | | | | | | | Name required: Write - Mahmood In - Web site without http://: Write - http://tryag.cc In - Message: Write - After All This Go http://www.sanusart.com/php/test/guestbook/guestbook.php?tryag=id See Pictures : 1-...
Multiple Vulnerabilities in AWStats Totals
Emory University UTS Security Advisory EMORY-2008-01 Topic: Multiple Vulnerabilities in AWStats Totals Original release date: August 26, 2008 SUMMARY ======= Telartis's AWStats Totals program is vulnerable to command execution and cross site scripting attacks. A remote attacker could exploit thes...
fuzzylime-lfi.txt
!/usr/bin/perl ---------------------------------------------------------- Fuzzylime CMS 3.01 Multiple LFI / RCE author : Cod3rZ website : http://cod3rz.helloweb.eu ---------------------------------------------------------- http://site/blog.php?file=../file\0...
BadBlue 2.72b PassThru Buffer Overflow
This module exploits a stack buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :pattern = /BadBlue//...
Stack overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
In the PHP implementation of the system to external command-and-vulnerability warning-the black bar safety net
PHP as a server side scripting language, like writing a simple, or a complex dynamic web page such a task, it is fully able to do the job. But the thing is not always the case, sometimes in order to achieve a certain function, it must be by means of theoperating systemof the external program, or...
Maran PHP Forum - 'forum_write.php' Remote Code Execution
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- + + + Y! Underground Group + + + -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via 1 an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and 2 an...
Design/Logic Flaw
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via 1 an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and 2 an...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via 1 an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and 2 an...
WSN Forum <= 1.3.4 (prestart.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+:...
ProgSys 0.156 - 'RR.php' Remote File Inclusion
!/usr/bin/perl use LWP::UserAgent; ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+ +:+ ++...