CORE IMPACT v12 - Exploits Update (Tue Jan 31 2012)
Plone popen2 Remote Command Execution Exploit
Exploits/Remote [Linux]
Tue Jan 31 2012
This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine.
Exploits Vulnerability: CVE-2011-3587











