CVE-2016-4971

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution

GNU Wget 1.1.18 - Arbitrary File Upload / Remote Code Execution - Multi

Vulnerablility: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

Score: CVSS v2.0: 4.3 // CVSS v3.x: 8

Shows on:

• HTB - Kotarak

POC:

GNU Wget < 1.18 - Arbitrary File Upload / Remote Code ExecutionExploit Database

POC: Python

GitHub - mbadanoiu/CVE-2016-4971: CVE-2016-4971 Wget 1.18/1.14-13.el7 Client ExploitGitHub

POC: JavaScript

GitHub - gitcollect/CVE-2016-4971: CVE-2016-4971 written in nodejsGitHub

Resources:

NVD - CVE-2016-4971

CVE - CVE-2016-4971