Advisory: Remote Command Execution in PDNS Manager RedTeam Pentesting discovered that PDNS Manager is vulnerable to a remote command execution vulnerability, if for any reason the configuration file config/config-user.php does not exist. Details ======= Product: PDNS Manager Affected Versions: Git master 3bf4e28 (2016-12-12) - 2bb00ea (2017-05-22) Fixed Versions: <= v1.2.1, >= Git Commit ccc4232 Vulnerability Type: Remote Command Execution Security Risk: medium Vendor URL: http://ift.tt/2tHSbpP Vendor Status: fixed version released Advisory URL: http://ift.tt/2soHvIv Advisory Status: published CVE: GENERIC-MAP-NOMATCH CVE URL: http://ift.tt/1jQGmEN Introduction ============ "PDNS Manager is a simple yet powerful administration tool for the Powerdns authoritative nameserver." "PNDS Manager was developed from scratch to achieve a user-friendly and pretty looking interface." (from project website) [0] More Details ============ PDNS Manager includes two files used for installation purposes, install.php and api/install.php. The documentation tells users to start the installation by navigating to install.php and filling out the form that is presented there to create a database connection and an admin account. When submitted, an HTTP POST request with the configuration data is sent to api/install.php. The data is first validated in api/install.php by using it to connect to the database:
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment