EXPLOITDB-EDB-18262

EXPLOITDB text VERIFIED WORKING POC
Exploit for CVE-2011-3587 - Zope <2.13.x - RCE
AI Analysis

This exploit leverages a path traversal vulnerability in Plone's webdav/xmltools endpoint to execute arbitrary commands via the 'os.popen2' function. The PoC demonstrates command injection by exfiltrating '/etc/passwd' over a netcat connection.

Attack Type RCE
Complexity trivial
Reliability reliable
MITRE ATT&CK T1190 - Exploit Public-Facing Application; T1059 - Command and Scripting Interpreter
Source
Platform Exploitdb
Type webapps
Platform multiple
Language text
Files 1
Authors
Nick Miles
Vulnerability
CVE-2011-3587
Zope <2.13.x - RCE