Submit #387406: Tosei Corporation TOSEI online store management system (aka TOSEIネット店舗管理システム) 4.02/4.03/4.04 Code Injectioninfo

TitleTosei Corporation TOSEI online store management system (aka TOSEIネット店舗管理システム) 4.02/4.03/4.04 Code Injection
DescriptionVendor: Tosei (https://www.tosei-corporation.co.jp/) Product: TOSEI online store management system (aka TOSEIネット店舗管理システム) Product documentation: https://www.tosei-corporation.co.jp/pdf/manual/cl_current/OP_THS-300-WEB.pdf Version: 4.02/4.03/4.04 Shodan Dorks: http.favicon.hash:-244067125 http.html:Tosei Class: Remote Code Exection Impact: Command injection vulnerability allows authenticated attackers execute commands by bypassing internal restrictions through tosei_kikai.php. Attack vector: ;ping -c 3 <host_listening_for_icmp> Poc: For more details, please refer to the URL provided in the "Advisory / Proof-of-Concept" Discoverer: b0rgch3n (https://github.com/b0rgch3n)
Source⚠️ https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef
User
 b0rgch3n (UID 72796)
Submission08/07/2024 15:51 (2 years ago)
Moderation08/16/2024 22:45 (9 days later)
StatusAccepted
VulDB entry274905 [Tosei Online Store Management System ネット店舗管理システム /cgi-bin/tosei_kikai.php command injection]
Points20

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!