Computer Associates Oneview Monitor 6.0 – ‘doSave.jsp’ Remote Code Execution

• Exploit Database
• 12 阅读

• 作者： Giorgio Fedon
  日期： 2010-08-12
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/34440/

• source: https://www.securityfocus.com/bid/42413/info
  
  Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
  
  Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver. 
  
  The following example URI is available:
  
  ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp