CVE-2023-30258.md

Vulnerability Type

OS Command Injection

Description

A command injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via an unauthenticated HTTP request.

PoC Report

Environment Setup

Exploit Description

The sink is the exec function in lib/icepay/icepay.php, and the vulnerable parameter is democ, whose value must be longer than 5 characters to trigger the OS command injection.

Steps to Reproduce

  1. Send the request.
  2. Observe the result: the page takes 5 seconds to load.

Proof Of Concept

http://magnusbilling/lib/icepay/icepay.php?democ=;sleep+5;
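
For defenders checking whether this endpoint has been probed, the following access-log filter is an added example and is not part of the original advisory or of MagnusBilling. It assumes combined-format web server logs, an assumed set of shell metacharacters, and that the 5-character threshold applies to the decoded value; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Path and parameter named in the advisory.
SINK_PATH = "/lib/icepay/icepay.php"
PARAM = "democ"
# Characters that let a value break out of a shell command line (assumed set).
SHELL_META = re.compile(r"[;&|`$()<>\n\r]")
# Leading fields of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_requests(lines):
    """Return (client_ip, decoded democ value) for requests that reach the sink
    with a democ value longer than 5 characters containing shell metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        # endswith() also matches installs served under a path prefix.
        if not url.path.lower().endswith(SINK_PATH):
            continue
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote_plus(name) != PARAM:
                continue
            # Decode %XX and '+' so encoded variants of the same value match.
            value = unquote_plus(raw)
            # Assumption: the >5 length condition is measured on the decoded value.
            if len(value) > 5 and SHELL_META.search(value):
                hits.append((ip, value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /lib/icepay/icepay.php?democ=;sleep+5; HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /lib/icepay/icepay.php?democ=%3Bsleep%205%3B HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /lib/icepay/icepay.php?democ=merchant01 HTTP/1.1" 200 12',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?democ=;sleep+5; HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} democ={value!r}")
```

The filter only sees what the web server logged in the request line, so a parameter sent in a request body would not appear in this kind of log.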