|
|
 |
Sonicwall Signatures
Go to All Categories list.
| | reNgine waf_detector Command Injection |
Category: WEB-ATTACKS
| reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output. |
|
|
|
