php code injection attack
You can execute arbitrary php commands by passing main.php specially crafted parameters. For example,
will result in a "create_funtion()" call that will execute the phpinfo() command.
|Status:||new||» in work|
Thanx for posting! This is by far the most serious bug I ever produced ...
Dou you have more examples?