vendor:
by: Unknown
CVSS: 7.5 (HIGH)
CWE: 78 (Command Injection)
Product Name:
Affected Version From: Not specified
Affected Version To: Not specified
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Not specified
1996
RESOLV_HOST_CONF Command Injection
The RESOLV_HOST_CONF environment variable is vulnerable to command injection. An attacker can set the variable to a malicious command, which will be executed when the system tries to resolve a hostname. In this example, the attacker sets the variable to "/etc/shadow; ping adfas", causing the system to ping the host adfas after reading the /etc/shadow file.
Mitigation:
To mitigate this vulnerability, ensure that the RESOLV_HOST_CONF environment variable is properly sanitized and does not allow for command injection. Additionally, it is recommended to restrict access to sensitive files such as /etc/shadow.
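
One way to apply the sanitization step in a privileged program, shown as an added example that is not part of the original entry: drop caller-supplied resolver variables before any hostname lookup. The function names scrub_resolver_env and is_privileged are hypothetical, and the list generalizes beyond RESOLV_HOST_CONF to the other resolver variables glibc strips in secure-execution mode.

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Resolver-related variables a caller can use to redirect library file
 * lookups; glibc's ld.so strips these in secure-execution mode. */
static const char *const resolver_vars[] = {
    "RESOLV_HOST_CONF", "HOSTALIASES", "LOCALDOMAIN", "RES_OPTIONS",
};

/* True when the process runs with more privilege than its invoker
 * (set-user-ID or set-group-ID execution). */
int is_privileged(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Remove caller-supplied resolver variables before any name lookup.
 * Returns the number of variables removed, or -1 if unsetenv() fails.
 * An unprivileged process is left untouched and returns 0. */
int scrub_resolver_env(int privileged)
{
    int removed = 0;

    if (!privileged)
        return 0;
    for (size_t i = 0; i < sizeof resolver_vars / sizeof resolver_vars[0]; i++) {
        if (getenv(resolver_vars[i]) == NULL)
            continue;               /* not set, nothing to drop */
        if (unsetenv(resolver_vars[i]) != 0)
            return -1;              /* fail closed: caller should abort */
        removed++;
    }
    return removed;
}

int main(void)
{
    /* Constructed input mirroring the value quoted in the description. */
    setenv("RESOLV_HOST_CONF", "/etc/shadow; ping adfas", 1);

    /* Privilege is forced here for the demo; real code passes is_privileged(). */
    int n = scrub_resolver_env(1);
    printf("removed %d variable(s); RESOLV_HOST_CONF is %s\n", n,
           getenv("RESOLV_HOST_CONF") ? "still set" : "unset");
    return n < 0;
}
```

Call the scrub routine at the very start of main(), before any library call that may trigger a hostname lookup, and abort if it returns -1.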