Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Adding DenyAll Web Application Firewall RCE module #8980
This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated user can execute a terminal command under the context of the web server user.
List the steps needed to make sure this thing works
Here is the advisory and technical details about that vulnerability.
Worked fine for me! I actually deployed 6.2.0.
Switched to a generic shell as well.