CVE-2016-10108 PoC — Western Digital MyCloud NAS 命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-10108.yaml

Associated Vulnerability

Title:Western Digital MyCloud NAS 命令注入漏洞 (CVE-2016-10108)
Description:Western Digital MyCloud NAS是美国西部数据（Western Digital）公司的一款个人网络云存储设备。 Western Digital MyCloud NAS 2.11.142版本中的/web/google_analytics.php URL存在安全漏洞。攻击者可借助POST数据中特制的‘arg’参数利用该漏洞注入远程命令。

Description

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

File Snapshot


 id: CVE-2016-10108

info:
  name: Western Digital MyCloud NAS - Command Injection
  author: Dhiyanes

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!