Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-37123 PoC — pinger 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-37123.yaml
Associated Vulnerability
Title:pinger 操作系统命令注入漏洞 (CVE-2020-37123)
Description:pinger是wcchandler个人开发者的一个Web监控应用程序。 pinger 1.0版本存在操作系统命令注入漏洞,该漏洞源于ping和socket参数存在未清理的输入,可能导致攻击者注入shell命令并执行任意代码。
Description
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
File Snapshot

 id: CVE-2020-37123

info:
  name: Pinger 1.0 - Remote Code Execution
  author: bswearingen
  severit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.