New Vulnerability on Vodafone website - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

New Vulnerability on Vodafone website

The researchers Group "HackerDesk" was found the new vulnerability in vodafone website, that is lbas.vodafone.com. researchers are found that subdomain is vulnerable to Remote command Execution(CVE-2013-1965).


The vulnerability allows for some post exploitation techniques to be utilized, such as installing backdoors and JSP post-exploitation took kits.  This allows for more elaborate and complex attacks to occur.

The exploitation of this vulnerability when combined with post-exploitation tool kits could be full compromise of a system with the ability for that system to be used for onward compromise of connected hosts.


By sending a payload to the server, the researcher is able to execute their commands.  The results will return in a download file.

Researchers are informed this vulnerability to Vodafone and suggested to upgrade to the latest version of struts which contains the corrected OGNL and Xwork library. It appears Vodafone team took the subdomain offline to apply patches.



Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter

No comments:

Post a Comment