5 lines
No EOL
396 B
Text
5 lines
No EOL
396 B
Text
source: http://www.securityfocus.com/bid/5392/info
|
|
|
|
Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open() function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges of the webserver process.
|
|
|
|
http://target/cgi-bin/dispair.cgi?file=fiddle&view=%0A/usr/bin/id |