DotBr 0.1 - 'Exec.php3' Remote Command Execution

EDB-ID:

22254


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-02-15


source: https://www.securityfocus.com/bid/6867/info

The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the webserver process. 

http://www.example.com/admin/exec.php3?cmd=[COMMAND]