POC详情： 7f80ec7587a3c88fcd1fc3a74f317873ad7914e2

描述

CVE Description

介绍

# CVE-2025-26055
CVE Description
# Author : Rohan Deshpande

 # OS Command Injection

# Summary 
OS command injection is a security vulnerability that allows an 
attacker to execute arbitrary commands on a host operating system 
via a vulnerable application. This can lead to unauthorized access, 
data breaches, and system compromise.

# Impact 
The impact of OS command injection can include unauthorized 
access to system resources, data theft, system compromise, and 
potential full control over the affected server, leading to severe 
security breaches and operational disruptions.

# Affected URL 
http://<ip>:<port>/generateTrackRoute

# Recommendation 
To mitigate OS command injection vulnerabilities, validate and 
sanitize all user inputs, use parameterized commands or APIs, and 
implement least privilege principles to limit the execution context of 
applications. Regular security testing and code reviews are also 
essential to identify and remediate potential weaknesses. 

# Proof of Concept
1. Login to the console and navigate to Troubleshoot → Tracert.
2. Enter IP and restriction bypass payload ‘&& id’. Notice the result.
3. Capture the request and try to fetch ‘/etc/passwd’ file through tracertVal
parameter and notice file displayed in HTTP response

文件快照

 [4.0K]  /data/pocs/7f80ec7587a3c88fcd1fc3a74f317873ad7914e2
└── [1.3K]  README.md

0 directories, 1 file

备注