- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19444
- Проверка EDB
-
- Пройдено
- Автор
- STEFAN LAUDA
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- cve-1999-0913
- Дата публикации
- 1999-08-05
Network Security Wizards Dragon-Fire IDS 1.0 - Command Execution
Код:
source: https://www.securityfocus.com/bid/564/info
The Dragon-Fire IDS remote web interface under version 1.0 has an insecure CGI script which allows for users to remotely execute commands as the user nobody. This could lead to a remote compromise of the system running Dragon-Fire.
Via the web interface for Dragon-Fire inside the IPONE field type your desired command prefaced with a | an example could be:
|echo 'uname -a'
The output of the command will then be displayed in the right hand window of the IDS WWW interface.- Источник
- www.exploit-db.com
