Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2009-0545 PoC — ZeroShell 'cgi-bin/kerbynet' 远程指令执行漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2009/CVE-2009-0545.yaml
Associated Vulnerability
Title:ZeroShell 'cgi-bin/kerbynet' 远程指令执行漏洞 (CVE-2009-0545)
Description:ZeroShell是为嵌入式设备开发的一个基于Linux的网络服务器系统的操作系,是Linux的一个发行版,能提供路由、桥接、防火墙等各种主要网络功能。 ZeroShell 1.0beta11及之前版本中的cgi-bin/kerbynet允许远程攻击者借助NoAuthREQ x509List操作中的类别参数里的外壳元字符,执行任意指令。
Description
ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
File Snapshot

 id: CVE-2009-0545

info:
  name: ZeroShell <= 1.0beta11 Remote Code Execution
  author: geeknik
  se

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.