Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-17505 PoC — ArticaTech Artica Proxy 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-17505.yaml
Associated Vulnerability
Title:ArticaTech Artica Proxy 操作系统命令注入漏洞 (CVE-2020-17505)
Description:ArticaTech Artica Proxy是法国ArticaTech公司的一款开源的Artica代理解决方案。 Artica Web Proxy 4.30.000000版本中的cyrus.php文件的‘service-cmds’参数存在安全漏洞。远程攻击者可利用该漏洞以root权限执行命令。
Description
Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
File Snapshot

 id: CVE-2020-17505

info:
  name: Artica Web Proxy 4.30 - OS Command Injection
  author: dwisiswant0

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.