GREED 0.81 - '.GRX' File List Command Execution

EDB-ID:

25034

CVE:

N/A

EDB Verified:

Author:

Manigandan Radhakrishnan

Type:

remote

Exploit:   /  

Platform:

Windows

Date:

2004-12-15

Vulnerable App: 
source: https://www.securityfocus.com/bid/12034/info

greed (Get and Resume Elite Edition) is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands in file names on the list. GRX file lists allow file downloads to be scripted. Since GRX file lists may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.

Successful exploitation will result in command execution in the context of the application. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25034.zip
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services