Endian Firewall Community version 3.3.2: authenticated remote code execution as the user nobody.
While I was creating a backup, the output of the ps command looked interesting.
So is the input validated? No. We can run commands. Checking the permissions shows that the commands run as the user nobody.
1-) Log in to the web application.
2-) Create a backup, select any options, and write the payload in the comment field, e.g. aaaa$(id)bbbb
3-) Start the backup.
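The bug class behind these steps is a comment field spliced into a shell command line without validation. The following is an added illustration, not Endian's code: the backup tool path and its --comment flag are placeholders, and the example contrasts the naive string-building pattern with an allowlist check plus a shell-free argv so that a value like aaaa$(id)bbbb stays literal text.

```python
import re
import subprocess

# Placeholder for the backup tool; not the real Endian command or flag.
BACKUP_TOOL = "/usr/local/bin/backup-placeholder"

# Allowlist for comments: letters, digits, space, dot, underscore, hyphen; 1-64 chars.
COMMENT_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,64}$")


def vulnerable_command_line(comment: str) -> str:
    """String a naive implementation would hand to a shell (os.system / shell=True).

    The comment is spliced in unquoted, so shell metacharacters such as $( )
    are interpreted when the backup runs.
    """
    return f"{BACKUP_TOOL} --comment {comment}"


def comment_is_safe(comment: str) -> bool:
    """Allowlist check: anything outside the small character set is rejected."""
    return COMMENT_RE.fullmatch(comment) is not None


def hardened_argv(comment: str) -> list:
    """Build an argv list for subprocess.run(..., shell=False).

    The comment is validated first and then passed as a single argument, so no
    shell ever parses it and $( ) remains ordinary characters.
    """
    if not comment_is_safe(comment):
        raise ValueError("comment contains characters outside the allowlist")
    return [BACKUP_TOOL, "--comment", comment]


def run_backup(comment: str) -> subprocess.CompletedProcess:
    """Run the backup without a shell; argv elements are never re-parsed."""
    return subprocess.run(
        hardened_argv(comment), shell=False, check=False, capture_output=True
    )


if __name__ == "__main__":
    payload = "aaaa$(id)bbbb"  # constructed sample, same shape as the page's payload
    print("naive shell string:", vulnerable_command_line(payload))
    print("allowlist accepts payload?", comment_is_safe(payload))
    print("safe comment argv:", hardened_argv("nightly backup"))
```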
Proof of Concept

Proof-of-concept video: watch