Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2020-11491

Description

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.

POC

Reference

- http://code610.blogspot.com/2020/03/pentesting-zen-load-balancer-quick.html

- https://github.com/c610/tmp/blob/master/zenload4patreons.zip

Github

No PoCs found on GitHub currently.