vegadns vulnerable to command injection

Question

wireghoul opened this issue 8 years ago · comments

axfr_get.php does not escape the file variable, proof of concept available at: https://github.com/wireghoul/sploit-dev/blob/master/izunadrop

Bill Shupp · Answer 1 · Sat Oct 22 2016 04:41:55 GMT+0800 (China Standard Time)

Thanks for reporting and the POC. This is fixed in 0.13.3.