module
Ajenti auth username Command Injection
| Disclosed |
|---|
| Oct 14, 2019 |
Disclosed
Oct 14, 2019
Description
This module exploits a command injection in Ajenti == 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.