header-logo
Suggest Exploit
vendor:
WebPALS
by:
SecurityFocus
8.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: WebPALS
Affected Version From: WebPALS 1.0
Affected Version To: WebPALS 1.0
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:webpals:webpals:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001

A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS

WebPALS is vulnerable to a specially crafted URL composed of a known filename, which can be used to disclose the requested file residing on a machine running WebPALS. This vulnerability can also be used to execute arbitrary code with root privileges.

Mitigation:

Upgrade to the latest version of WebPALS.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2372/info
 
A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges. 

http://target/pals-cgi?palsAction=restart&documentName=url_to_command

Navigation

Suggest Exploit

Services By CQR