Hacks and Incidents

Acunetix WVS 10 0Day SYSTEM remote command execution

Acunetix WVS 10 0Day SYSTEM remote command execution: Acunetix WVS 10 0Day SYSTEM remote command execution by Italian researcher Daniele Linguaglossa.

This poc show the exploitation of 2 flaw affecting Acunetix WVS 10, by exploiting them is possibile to execute command on victim machine just by scanning it, and then using a second flaw is possibile to elevate privilege till SYSTEM.

Not the first time Acunetix has serious flaws: in 2014 a simple Stack Overflow was found by Vaibhav Deshmukh:

http://cybersecwarriors.blogspot.it/2014/09/finally-hacked-hacker-acunetix-suffers.html

acunetix-exploit2 acunetix-exploit

Standard