mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
951 B
951 B
CVE-2019-13475
Description
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.
POC
Reference
- https://www.vulnerability-lab.com/get_content.php?id=2186
- https://www.vulnerability-lab.com/get_content.php?id=2186
Github
No PoCs found on GitHub currently.