OS Command Injection in Infoblox NetMRI Products - CVE-2014-3418 + CVE-2014-3419
Posted on July 09, 2014
While performing an internal security assessment for a client, I discovered an OS command injection vulnerability in an Infoblox NetMRI appliance. This was totally by accident, just going about our regular testing of web applications. I stumbled across the following page and used a proxy to submit values to the "Username" and "Password" fields of the application.

[Image: Infoblox Login Page] ...