Computer Associates Oneview Monitor 6.0 – ‘doSave.jsp’ Remote Code Execution

• Exploit Database
• 116 阅读

• 作者： Giorgio Fedon
  日期： 2010-08-12
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/34440/
• 1 2 3 4 5 6 7 8 9 10

  source: https://www.securityfocus.com/bid/42413/info   Computer Associates Oneview Monitor is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.   Exploiting this issue will allow an attacker to inject and execute arbitrary JSP code in the context of the affected webserver.   The following example URI is available:   ttp://www.example.com/sitemindermonitor/doSave.jsp?file=../attacksample.jsp