Using the API /api/common/ping it's possible to achieve remote command execution on the host machine. This leads to complete control over the machine hosting the server.
Here the problem is the fact that the server doesn't sanitize correctly the input checking that the host provided is a legitimate one, allowing also characters like ;, | or &.
The text was updated successfully, but these errors were encountered:
Using the API
/api/common/pingit's possible to achieve remote command execution on the host machine. This leads to complete control over the machine hosting the server.To reproduce the vulnerability:
node index.jsHTTP request:
This is the vulnerable code:
Here the problem is the fact that the server doesn't sanitize correctly the input checking that the host provided is a legitimate one, allowing also characters like
;,|or&.The text was updated successfully, but these errors were encountered: