Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution
| EKU-ID: 31739 | CVE: CVE-2005-3330;OSVDB-20316 | OSVDB-ID: |
| Author: D. Fabian | Published: 2005-10-26 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31739 | CVE: CVE-2005-3330;OSVDB-20316 | OSVDB-ID: |
| Author: D. Fabian | Published: 2005-10-26 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to the application in the context of the webserver. https://www.%22;+echo+'hello'+%3E+test.txt Passing this URI to a script that uses a vulnerable version of Snoopy will result in a file called 'test.txt' containing 'hello'.