| 标题 | Tosei Corporation TOSEI online store management system (aka TOSEIネット店舗管理システム) 4.02/4.03/4.04 Code Injection |
|---|
| 描述 | Vendor:
Tosei (https://www.tosei-corporation.co.jp/)
Product:
TOSEI online store management system (aka TOSEIネット店舗管理システム)
Product documentation:
https://www.tosei-corporation.co.jp/pdf/manual/cl_current/OP_THS-300-WEB.pdf
Version:
4.02/4.03/4.04
Shodan Dorks:
http.favicon.hash:-244067125 http.html:Tosei
Class:
Remote Code Exection
Impact:
Command injection vulnerability allows authenticated attackers execute commands by bypassing internal restrictions through tosei_kikai.php.
Attack vector:
;ping -c 3 <host_listening_for_icmp>
Poc:
For more details, please refer to the URL provided in the "Advisory / Proof-of-Concept"
Discoverer:
b0rgch3n (https://github.com/b0rgch3n)
|
|---|
| 来源 | ⚠️ https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef |
|---|
| 用户 | b0rgch3n (UID 72796) |
|---|
| 提交 | 2024-08-07 15時51分 (2 年前) |
|---|
| 管理 | 2024-08-16 22時45分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 274905 [Tosei Online Store Management System ネット店舗管理システム /cgi-bin/tosei_kikai.php 权限提升] |
|---|
| 积分 | 20 |
|---|