- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34440
- Проверка EDB
-
- Пройдено
- Автор
- GIORGIO FEDON
- Тип уязвимости
- WEBAPPS
- Платформа
- JSP
- CVE
- N/A
- Дата публикации
- 2010-08-12
Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution
Код:
source: https://www.securityfocus.com/bid/42413/info
Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver.
The following example URI is available:
ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp- Источник
- www.exploit-db.com
