iOffice 0.1 is vulnerable because it does not sanitize user input. It seems to be modular because none of the scripts are exactly the same on ones I've run across, but they all seem to be vulnerable. Command execution is possible.
www.example.com/cgi-bin/index.pl?section_name=whatever§ion=ioffice¶metre=|id| I couldn't find exactly where this was distributed from, or who the author is, and it's not written in my native language, so if anyone knows, please let me know.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
