| 제목 | KaiYuanTong ECT platform <=2.0.0 Pre-Auth Command Execution |
|---|
| 설명 | The ECT platform version ≤ 2.0.0 has a code execution vulnerability in the /public/server/runCode.php file. This pre-authentication endpoint allows attackers to send a specially crafted POST request to execute arbitrary code on the server. For example, sending the request POST /server/runCode.php with the body code=<?php system('whoami'); ?> will execute the whoami command. This vulnerability can lead to unauthorized access and control over the server. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/ASPsoVCrLqKK |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 12. 28. AM 06:05 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 01. 08. PM 03:40 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 290792 [KaiYuanTong ECT Platform 까지 2.0.0 HTTP POST Request runCode.php code 권한 상승] |
|---|
| 포인트들 | 20 |
|---|