DotBr 0.1 - 'System.php3' Remote Command Execution

EDB-ID:

22253


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-02-15


source: https://www.securityfocus.com/bid/6866/info

The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process. 

http://www.example.com/admin/system.php3?cmd=[COMMAND]