A group named "HackerDesk" has identified a security vulnerability affecting one of the subdomains of the Vodafone website. "lbas.vodafone.com" was found to be vulnerable to Remote Command Execution (CVE-2013-1965).
"The vulnerability alone may not be hugely significant, but when put into the context of an attack it can have much greater consequences. The vulnerability allows for some post-exploitation techniques to be utilized, such as installing backdoors and JSP post-exploitation toolkits. This allows for more elaborate and complex attacks to occur," the researcher said.
"The true impact of the exploitation of this vulnerability when combined with post-exploitation tool kits could be full compromise of a system with the ability for that system to be used for onward compromise of connected hosts."
By sending a payload to the server, the researcher was able to execute any command he wanted; the results are returned in a downloadable file.
The researchers reported the vulnerability to Vodafone and suggested upgrading to the latest version of Struts, which contains the corrected OGNL and XWork libraries. It appears the Vodafone team took the subdomain offline to apply patches.
You can find the technical details in this document.