module
Ajenti auth username Command Injection
| Disclosed |
|---|
| 2019-10-14 |
Disclosed
2019-10-14
Description
This module exploits a command injection in Ajenti == 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.