Prodder Arbitrary Shell Command Execution Vulnerability
BID:18068
CVE-2006-2548
| Bugtraq ID: | 18068 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2548 |
| Remote: | Yes |
| Local: | No |
| Published: | May 22 2006 12:00AM |
| Updated: | May 23 2006 09:08PM |
| Credit: | RedTeam Pentesting is credited with the discovery of this vulnerability. |
| Vulnerable: | Prodder prodder 0.4 |
| Not Vulnerable: | Prodder prodder 0.5 |
Discussion
Prodder is prone to an arbitrary command-execution vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary shell commands on the vulnerable computer in the context of the running application.
Exploit / POC
The following proof of concept is available:
Solution / Fix
Solution:
The vendor has released version 0.5 to address this issue.
Prodder prodder 0.4
- Prodder prodder-0.5.tgz: http://prdownloads.sourceforge.net/prodder/prodder-0.5.tgz?download
References
References:
- Advisory: Prodder Remote Arbitrary Command Execution (RedTeam)
- Prodder Homepage (Prodder)