Immunity, Inc.
Name piwik
CVE CVE-2009-4137
Exploit Pack CANVAS
DescriptionPiwik unserialize() + __destruct
NotesReferences: ['http://www.sektioneins.com/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4137']
Notes:

This exploit gets a remote shell from vulnerable piwik installation (Piwik <= 0.4.5).

You will probably need to break out of safe mode for this as well.


Date public: 12/9/2009
Repeatability: Infinite
CVE Name: CVE-2009-4137

Learn more about the CANVAS Exploit Pack here: CANVAS