packetstorm_rss (![[info]](http://klab.lv/img/syndicated.gif){kind=small} packetstorm_rss) rakstīja,@ 2013-12-23 15:35:00 |
 |
 |
 |
|
|
|
|
|
|
 |
|
 |
OpenSIS 'modname' PHP Code Execution
This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval()' with user controlled data from the 'modname' parameter.
