Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Inspur Clusterengine V4 SYSshell - Remote Command Execution" module is designed to detect a vulnerability in the Inspur Clusterengine V4 SYSshell software. This vulnerability allows remote command execution, posing a critical security risk. The module targets systems running the Inspur Clusterengine V4 SYSshell software and checks for the presence of a specific vulnerability.
If successfully exploited, this vulnerability can allow an attacker to execute arbitrary commands on the target system. This can lead to unauthorized access, data theft, system compromise, and potential disruption of critical services.
The module sends a POST request to the target system's "/sysShell" endpoint with specific parameters. It checks for two matching conditions to determine if the vulnerability is present:
If both conditions are met, the module reports the vulnerability, indicating that the target system is vulnerable to remote command execution.
Example HTTP request:
POST /sysShell HTTP/1.1
Host: <Hostname>
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Cookie: lang=cn
op=doPlease&node=cu01&command=cat+/etc/passwd
Note: Replace <Hostname> with the actual hostname of the target system.
It is crucial to address this vulnerability promptly by applying the necessary patches or updates provided by the software vendor. Regular security assessments and monitoring can help detect and mitigate such vulnerabilities before they are exploited.