Zeroshell Command Injection Vulnerability
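Vulnerability Information
Vulnerability name: Zeroshell Command Injection Vulnerability
Vulnerability ID:
- CVE: CVE-2020-29390
Vulnerability type: Command execution
Severity: Critical
Description: Zeroshell is a Linux-based router and management system, widely used in enterprise and small-office environments, that provides network management, VPN, firewall and other functions. Because it is powerful and easy to deploy, Zeroshell is widely used among specific user groups. The vulnerability exists in Zeroshell 3.9.3: the StartSessionSubmit parameter of /cgi-bin/kerbynet does not properly sanitize user input, so an attacker can inject shell metacharacters and the %0a character to achieve unauthenticated system command execution. The technical root cause of this command injection is insufficient input validation, which lets an attacker bypass the intended input restrictions and send malicious commands directly to the system. The vulnerability is severe because it allows an unauthenticated remote attacker to execute arbitrary commands on the affected system, which may lead to full system control, data disclosure or service disruption. Because the attack requires no authentication of any kind and can be carried out automatically over the network, the vulnerability poses an extremely high security risk to systems running the affected Zeroshell version.
Vendor: Zeroshell
Product: Zeroshell
Affected version: 3.9.3
Search syntax: http.title:"zeroshell"
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12607
Type: projectdiscovery/nuclei-templates:github issues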
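A log-review check for the pattern described above, added here as an example (it is not code from the source issue or from Zeroshell): it flags access-log requests to /cgi-bin/kerbynet whose decoded StartSessionSubmit value contains a newline or shell metacharacter. The combined log format, the metacharacter set, the function names and the sample lines are assumptions; the sample lines are constructed and use placeholder values.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Path and parameter named in the vulnerability description.
CGI_PATH = "/cgi-bin/kerbynet"
PARAM = "StartSessionSubmit"
# CR/LF (the %0a case once decoded) plus common shell metacharacters (assumed set).
SUSPICIOUS = re.compile(r"[\r\n;|&`$(){}<>'\"\\]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def suspicious_value(target):
    """Return the decoded StartSessionSubmit value if it looks injected, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != CGI_PATH:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and SUSPICIOUS.search(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, status, decoded_value) for each flagged log line."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        value = suspicious_value(m.group("target"))
        if value is not None:
            yield line.split(" ", 1)[0], int(m.group("status")), value


# Constructed sample log lines: documentation addresses, placeholder values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/kerbynet HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /cgi-bin/kerbynet?StartSessionSubmit=Login HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/kerbynet?StartSessionSubmit=x%0aPLACEHOLDER HTTP/1.1" 200 87',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/kerbynet?StartSessionSubmit=x%3BPLACEHOLDER HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so a value sent in a request body is not visible to this check; covering that case needs a reverse proxy or WAF that inspects bodies.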
Source Summary
Description:
Zeroshell 3.9.3 contains a command injection caused by unsanitized input in the /cgi-bin/kerbynet StartSessionSubmit parameter, letting unauthenticated attackers execute system commands. Exploitation requires the use of shell metacharacters and the %0a character.
Severity: Critical
POC:
KEV: True
Shodan Query: http.title:"zeroshell"
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation or can also share a vulnerable environment like docker file.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.