Information Security Knowledge Blog by Vinesh Redkar

Information Security Knowledge Blog by Vinesh Redkar

AT&T Arbitrary Code Execution Vulnerability

PublishedJuly 26, 2016

•2 min read

Recently, I found an interesting issue Remote Code Execution for AT&T bug bounty program.

But before going into this let’s understand Arbitrary Code Execution –

Arbitrary Code Execution also know as command injection, is a technique used via a web interface in order to execute OS commands on a web server. The user supplies operating system commands through a web interface in order to execute OS commands. Any web interface that is not properly sanitized is subject to this exploit. With the ability to execute OS commands, the user can upload malicious programs or even obtain passwords. OS command injection is preventable when security is emphasized during the design and development of applications.

The issue was reported on October 21, 2014 to AT&T Security Team.
Resolved on Jan 27, 2015 by AT&T

The issue that I found was straightforward and needs no explanation

I was able to execute the OS level command on the System below is the step wise screenshot of the Attack.

Step 1- Affected Page

Step 1: Submit Request

Step 2 Capture Request

Step 3 Highlighted vulnerable parameter

Step 4 Modified password to execute code

step 5 code execution successful

Response from AT&T Team

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

Protecting Your Mobile App from AI-Powered Malware (PromptSpy)

Introduction With the rise of advanced threats like AI-driven Android malware, attackers are no longer just stealing data—they are interacting with apps like real users. Malware such as PromptSpy can

May 1, 20264 min read

Bypassing Application Whitelisting Solution SolidCore Part I

Bypassing anti-virus has become fairly simple in the malware world today. As a result, companies are beginning to realize that application whitelisting is another tool to consider adding to their crit

Aug 23, 20205 min read

Decryptor for Wanacry Ransomware

WannaCry A ransomware that is exploiting “ETERNALBLUE” a vulnerability found in the NSA exploits released by the ShadowBrokers.The WannaCry ransomware attack was a worldwide cyberattack by the WannaCr

Apr 23, 20172 min read

Windows Mobile Application Security – Part II

Now Next Step accessing application internal storage Accessing Internal Storage of APPLICATION using reg eDITOR Application Windows do not allow access to the internal storage of its application even

May 13, 20164 min read

Information Security Knowledge Blog by Vinesh Redkar

16 posts