.. / CVE-2007-3010

Exploit for Alcatel-Lucent OmniPCX - Remote Command Execution (CVE-2007-3010)

Description:

The OmniPCX web interface has a script “masterCGI” with a remote command execution vulnerability via the “user” parameter.

Nuclei Template

View the template here CVE-2007-3010.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2007/CVE-2007-3010.yaml
Copy

References:

http://www.redteam-pentesting.de/advisories/rt-sa-2007-001.php
http://www.vupen.com/english/advisories/2007/3185
http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm
https://marc.info/?l=full-disclosure&m=119002152126755&w=2
https://nvd.nist.gov/vuln/detail/CVE-2007-3010