Antologic Antolinux 1.0 – Administrative Interface ‘NDCR’ Remote Command Execution

Vulnerability ID: 1054379
Vulnerability type:
Published: 2004-01-26
Updated: 2004-01-26
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux
CVSS score: N/A
|Vulnerability source
https://www.exploit-db.com/exploits/23604
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/9495/info

It has been reported that Antologic Antolinux may be prone to a remote command execution vulnerability that may allow an attacker to execute arbitrary commands with the privileges of the server hosting the vulnerable software. The issue exists due to insufficient sanitization of user-supplied input via the 'NDCR' parameter. An attacker may need to spoof the HTTP REFERER and the vulnerability may only be exploited if sudo is not enabled.

Antologic Antolinux 1.0 has been reported to be prone to this issue; however, other versions may be affected as well.

The following proof of concept examples have been supplied:
http://www.example.com/dns/ndcr.php?NDCR=anything;[arbitrary commands]
http://www.example.com/libs/calendrier.php?lng=../../../../../../../../../home/web/ISA/htdocs/wmi/dns/ndcr&NDCR=foo ;cat /etc/passwd > lostnoobs.txt
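
Detection logic for the two request shapes above, added here as an example and not part of the original advisory: it scans web access-log lines for shell metacharacters in `NDCR` and traversal sequences in `lng`, decoding percent-encoding first. The log lines are constructed, and the rule assumes legitimate `NDCR` values never contain shell metacharacters.

```python
import re
from urllib.parse import unquote

# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")
# Directory traversal inside an include-style parameter.
TRAVERSAL = re.compile(r"\.\.[/\\]")
# Request field of a Common Log Format line; greedy so raw spaces in the URL survive.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jan/2004:10:00:00 +0000] "GET /dns/ndcr.php?NDCR=reload HTTP/1.0" 200 512',
    '192.0.2.66 - - [26/Jan/2004:10:01:00 +0000] "GET /dns/ndcr.php?NDCR=anything%3Bid HTTP/1.0" 200 512',
    '192.0.2.66 - - [26/Jan/2004:10:02:00 +0000] "GET /libs/calendrier.php?lng=..%2F..%2Fwmi%2Fdns%2Fndcr&NDCR=foo%253Bid HTTP/1.0" 200 87',
    '192.0.2.10 - - [26/Jan/2004:10:03:00 +0000] "GET /libs/calendrier.php?lng=fr HTTP/1.0" 200 900',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253B) becomes ';'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(log_line):
    """Return findings for one access-log line (empty list if nothing matched)."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    _, _, query = match.group(1).partition("?")
    findings = []
    # Split on '&' only: ';' must stay inside the value, it is what we look for.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        name, value = fully_decode(name), fully_decode(raw.replace("+", " "))
        if name == "NDCR" and SHELL_META.search(value):
            findings.append("NDCR: shell metacharacter")
        elif name == "lng" and TRAVERSAL.search(value):
            findings.append("lng: directory traversal")
    return findings

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, found) for n, found in results if found]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```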
