
deletesite

Remote Command Execution in dotDefender Site Management

The Site Management application of dotDefender is reachable as a web
application (https://site/dotDefender/) on the webserver. After passing
the Basic Auth login you can create/delete applications.
The mentioned vulnerability is in the 'deletesite' implementation and
the 'deletesitename' variable.
Insufficient input validation allows an attacker to inject arbitrary commands.


Delete Site

Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

> 
> The Site Management application of dotDefender is reachable as a web
> application (https://site/dotDefender/) on the webserver. After passing
> the Basic Auth login you can create/delete applications.
> The mentioned vulnerability is in the 'deletesite' implementation and
> the 'deletesitename' variable.
> Insufficient input validation allows an attacker to inject arbitrary
> commands.
> 
> 


