Pwning rConfig: part two
Hello everyone, remember the post about rConfig? https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html Well, apart from all those vulnerabilities I found 3 authenticated RCEs along with 2 authentication bypasses (one of those leveraging an information disclosure). It is also worth saying that many of the previous known vulnerabilities (with CVE assigned and everything) were still present in the version 3.9.5 (which was the one I tested), so there are more ways to RCE ;) The technical details are better explained here: https://ssd-disclosure.com/ssd-advisory-rconfig-unauthenticated-rce/
Have a good day :)
Comments