vegadns vulnerable to command injection
wireghoul opened this issue · comments
Eldar Marcussen commented
axfr_get.php does not escape the file variable, proof of concept available at: https://github.com/wireghoul/sploit-dev/blob/master/izunadrop
Bill Shupp commented
Thanks for reporting and the POC. This is fixed in 0.13.3.