OS Command Injection
A command injection vulnerability in MagnusSolution MagnusBilling 6.x and 7.x allows remote attackers to run arbitrary OS commands via an unauthenticated HTTP request.
- Software Link: https://github.com/magnussolution/magnusbilling7
- Version: 7af21ed
- Tested on: Debian
The sink is the exec() call in lib/icepay/icepay.php, and the vulnerable parameter is democ; its value must be longer than 5 characters to reach the exec() call and trigger the OS command injection.
- Send the request below.
- Observe the result: the page takes about 5 seconds to load, because the injected sleep 5 runs on the server.
http://magnusbilling/lib/icepay/icepay.php?democ=;sleep+5;
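For defenders, an added example that is not part of the original advisory: a small Python scanner that reads Apache combined-format access-log lines (the log lines below are constructed samples, not real traffic) and flags requests to the icepay.php sink whose democ parameter carries shell metacharacters, which is the pattern of the request shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shell metacharacters that have no legitimate place in the democ parameter.
SHELL_METACHARS = re.compile(r"[;&|`$<>\n]")

# Path of the vulnerable script named in the advisory.
SINK_PATH = "/lib/icepay/icepay.php"

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "GET /lib/icepay/icepay.php?democ=;sleep+5; HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.6 - - [01/Jan/2024:12:00:01 +0000] "GET /lib/icepay/icepay.php?democ=abc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2024:12:00:02 +0000] "GET /lib/icepay/icepay.php?democ=abcdef%3Bid HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.8 - - [01/Jan/2024:12:00:03 +0000] "GET /index.php/site/login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_democ(value: str) -> bool:
    """True when a decoded democ value contains shell metacharacters.

    The advisory says the injection only triggers for values longer than
    5 characters, but shorter probes are still worth seeing, so length is
    reported rather than used as a filter."""
    return SHELL_METACHARS.search(value) is not None


def scan_access_log(text: str) -> list[dict]:
    """Return one record per request to the sink with a suspicious democ value."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(SINK_PATH):
            continue
        # parse_qs percent-decodes and turns '+' into a space, so %3B and ; both surface.
        for value in parse_qs(url.query, keep_blank_values=True).get("democ", []):
            if suspicious_democ(value):
                hits.append({"ip": m["ip"], "ts": m["ts"], "democ": value,
                             "length": len(value), "status": m["status"]})
    return hits


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```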