Praetorian503 Posted February 12, 2013 Report Share Posted February 12, 2013 IRIS Citations Management Tool (post auth) Remote Command ExecutionHere is a bug that I finally found time to write about https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/The attached contains my mini framework, exploit and screenshot.Cheers!~ aeon# I Read It Somewhere (IRIS) <= v1.3 (post auth) Remote Command Execution# download: http://ireaditsomewhere.googlecode.com# Notes:# - Found this in my archive, duno how long this has been 0Day for... but I had no use for it obviously.# - Yes! ..the code is disgusting, but does the job# - Sorry if I ripped your code, it worked for me and I dont reinvent wheels so thank you!# ~ aeon (https://infosecabsurdity.wordpress.com/)## Exploit requirements:# ~~~~~~~~~~~~~~~~~~~~~## - A valid account as at least a user# - The target to have outgoing internet connectivityExploit: http://www.exploit-db.com/sploits/24480.tar.gzSource: IRIS Citations Management Tool (post auth) Remote Command Execution Quote Link to comment Share on other sites More sharing options...
