Advantech iView NetworkServlet Command Injection

Posted by deepcore on August 18, 2022 – 11:47 pm

Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The command injection vulnerability is used to write a payload on the target and achieve remote code execution as NT AUTHORITY\SYSTEM.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Update Chrome Now To Patch Actively Exploited Zero Day Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Advantech iView NetworkServlet Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL