CVE-2020-35729 PoC — KLog Server 操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35729.yaml

Associated Vulnerability

Title:KLog Server 操作系统命令注入漏洞 (CVE-2020-35729)
Description:KLog是ZhaoKaiQiang（KLog）个人开发者的一款用于安卓开发的日志工具。该工具主要功能为打印行号、函数调用、Json解析、XML解析、点击跳转、Log信息保存等功能。 KLog Server 2.4.1 存在操作系统命令注入漏洞，该漏洞源于允许通过action authentication .php用户参数中的shell元字符注入OS命令。

Description

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7.

File Snapshot


 id: CVE-2020-35729

info:
  name: Klog Server <=2.41 - Unauthenticated Command Injection
  author: d

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!