Revenue Collection System 1.0 SQL Injection / Remote Code Execution
Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result of that command.
https://packetstormsecurity.com/files/169916/rcs10-sqlexec.py.txt
Wed, 16 Nov 2022 16:13:53 GMT