Remote Command Execution In Csv-database Ver1.00

Full Version: Remote Command Execution In Csv-database Ver1.00

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Jun 29 2005, 04:33 AM

QUOTE

remote command execution in csv-Database Ver1.00

Developed by: K-COLLECT
http://www.k-collect.net
Program Name:csv-Database Ver1.00
Solution : None at this time
Risk factor : High
vendor: no respond

An attacker may exploit this vulnerability to execute
commands on
the remote host by adding special parameters to
csv_db.cgi script.

Proof Of Concept:
http://[target]/csv_db/csv_db.cgi?file=file.extention|command|

Link is unavailable

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.