Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Eppler Software WebTester Command Injection Vulnerability in install2.php

Vulnerability

A command injection vulnerability has been identified in Eppler Software WebTester version 5.x, specifically within the install2.php script. This vulnerability allows remote, unauthenticated attackers to execute arbitrary commands on the server with the privileges of the web server user. The issue arises because the cpusername, cppassword, and cpdomain parameters are passed to shell commands without proper sanitization. Exploitation involves sending a crafted HTTP POST request with one of these parameters, leading to unauthorized command execution on the underlying system.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with the commands being executed under the web server's user privileges.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to the install2.php script with the cpusername, cppassword, or cpdomain parameter. Include a payload that exploits the command injection flaw, such as a command to open a reverse shell. The request should be sent with the Content-Type application/x-www-form-urlencoded.
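A defender-side check for the request described above, as an added example that is not part of the original advisory or the vendor's code: it classifies captured requests (for instance from a WAF or reverse-proxy audit log that records bodies) and flags form-encoded POSTs to install2.php whose cpusername, cppassword, or cpdomain value contains shell metacharacters after URL-decoding. The `/webtester/` path, the metacharacter set, and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory names as reaching a shell command.
WATCHED = ("cpusername", "cppassword", "cpdomain")
# Characters that let a value break out of a shell argument (assumed rule set;
# expect some false positives on passwords that legitimately contain them).
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")


def flag_params(body):
    """Return {param: decoded value} for watched params holding shell metacharacters."""
    # parse_qs percent-decodes and maps '+' to space, so encoded payloads are seen.
    fields = parse_qs(body, keep_blank_values=True)
    hits = {}
    for name in WATCHED:
        for value in fields.get(name, []):  # a parameter may be repeated
            if SHELL_META.search(value):
                hits[name] = value
    return hits


def classify(method, url, content_type, body):
    """Classify one captured request: 'ignore', 'installer-post' or 'injection-attempt'."""
    path = urlsplit(url).path.lower()
    if method.upper() != "POST" or not path.endswith("/install2.php"):
        return "ignore", {}
    # Any POST to the installer after deployment is worth reviewing on its own.
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return "installer-post", {}
    hits = flag_params(body)
    return ("injection-attempt" if hits else "installer-post"), hits


# Constructed sample requests (method, URL, Content-Type, body); not real traffic.
SAMPLES = [
    ("GET", "/webtester/index.php", "", ""),
    ("POST", "/webtester/install2.php", "application/x-www-form-urlencoded",
     "cpusername=admin&cppassword=S3cret&cpdomain=example.com"),
    ("POST", "/webtester/install2.php", "application/x-www-form-urlencoded",
     "cpusername=admin&cppassword=x&cpdomain=example.com%3Bid"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[1], classify(*sample))
```

Matching on the decoded value matters here: the third sample carries its separator as `%3B`, which a pattern applied to the raw body would miss.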

Added: Jul 31, 2025, 4:05 PM
Updated: Jul 31, 2025, 4:05 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.3
threat: 9.5
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.