CVE-2018-1207 PoC — Dell EMC iDRAC7和iDRAC8 代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-1207.yaml

Associated Vulnerability

Title:Dell EMC iDRAC7和iDRAC8 代码注入漏洞 (CVE-2018-1207)
Description:Dell EMC iDRAC7和iDRAC8都是美国戴尔（Dell）公司的包含硬件和软件的系统管理解决方案。该方案为Dell PowerEdge系统提供远程管理、崩溃系统恢复和电源控制等功能。 Dell EMC iDRAC7和iDRAC8 2.52.52.52之前版本中存在安全漏洞。远程攻击者可借助CGI变量利用该漏洞执行代码。

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability
which could be used to execute remote code. A remote unauthenticated attacker may
potentially be able to use CGI variables to execute remote code.

File Snapshot


 id: CVE-2018-1207

info:
  name: Dell iDRAC7/8 Devices - Remote Code Injection
  author: dwisiswant0

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!