Exploits / Vulnerability Discovered : 2018-08-02 |
Type : webapps |
Platform : php
This exploit / vulnerability Cososys endpoint protector 4.5.0.1 (authenticated) remote root command injection is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Title : CoSoSys Endpoint Protector - Authenticated Remote Root Command Injection
# Date : Vulnerability submitted in 01/12/2017 and published in 01/08/2018
# Author : 0x09AL
# Tested on : Endpoint Protector 4.5.0.1
# Software Link : https://www.endpointprotector.com/
# Vulnerable Versions : Endpoint Protector <= 4.5.0.1
# Endpoint Protector suffers from an authenticated command injection vulnerability. By default the username and password are : root:epp2011
# In the Appliance Tab , Server Maintenance the NTP Server field is vulnerable to command injection. There is a call to sh -c {NTP Server field} which is not validated. Attached is the exploit which does this automatically.
# The command may take a while to execute.