Loading HuntDB...

Remote Code Execution (RCE) in DoD Websites

Critical
U
U.S. Dept Of Defense
Submitted None

Team Summary

Official summary from U.S. Dept Of Defense

A remote code execution (RCE) vulnerability was found on a Department of Defense (DoD) website which could have enabled an attacker to execute remote commands on the web server. @joaomatosf was able to demonstrate this vulnerability by developing a custom script that caused the webserver to execute a benign command. This was a very clever demonstration. Impressive work! Thank you for supporting the DoD Vulnerability Disclosure Program!

Reported by joaomatosf

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Code Injection