CVE-2018-17173 PoC — LG SuperSign CMS 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-17173.yaml

Associated Vulnerability

Title:LG SuperSign CMS 安全漏洞 (CVE-2018-17173)
Description:LG SuperSign CMS是韩国乐金（LG）集团的一套针对LG webOS的内容管理系统。该系统支持连接外部数据库，并允许从移动设备访问服务器。 LG SuperSign CMS中存在存在安全漏洞。远程攻击可通过向qsr_server/device/getThumbnail发送‘sourceUri’参数利用该漏洞执行任意代码。

Description

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.

File Snapshot


 id: CVE-2018-17173

info:
  name: LG Supersign EZ CMS - Remote Code Execution
  author: pussycat0x
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!