# Sar2HTML 3.2.1 遠程命令執行漏洞
==EXP==
# Exploit Title: sar2html Remote Code Execution # Date: 01/08/2019 # Exploit Author: Furkan KAYAPINAR # Vendor Homepage:https://github.com/cemtan/sar2html # Software Link: https://sourceforge.net/projects/sar2html/ # Version: 3.2.1 # Tested on: Centos 7 In web application you will see index.php?plot url extension. http:///index.php?plot=; will execute the command you entered. After command injection press "select # host" then your command's output will appear bottom side of the scroll screen.
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容