Summary
The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.
Severity
High - An attacker could gain access to execute arbitrary commands on the server with root privileges.
Proof of Concept
POST /as/wapi/generate_csrHTTP/1.1
Host: myonlinemeeting
connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
sid=SID_HERE&common_name=1"%20out%20/dev/null"`COMMAND_HERE`&company_name=1&state=1&city=1&country=US&submit=Generate+CSR
Further Analysis
To address this vulnerability, a strict input validation and sanitization mechanism to ensure that user-supplied data is properly sanitized before being used in command execution should be implemented.
Timeline
Date reported: 4/17/2024
Date fixed:
Date disclosed: 7/24/2024
0xc0ffeee Finder
Summary
The Certificate Signing Request (CSR) feature in the admin portal of the application is vulnerable to command injection. This vulnerability could allow authenticated admin users to execute arbitrary commands on the underlying server by injecting malicious input into the CSR generation process. The application failed to properly sanitize user-supplied input before using it in a command executed privileges.
Severity
High - An attacker could gain access to execute arbitrary commands on the server with root privileges.
Proof of Concept
Further Analysis
To address this vulnerability, a strict input validation and sanitization mechanism to ensure that user-supplied data is properly sanitized before being used in command execution should be implemented.
Timeline
Date reported: 4/17/2024
Date fixed:
Date disclosed: 7/24/2024