Exploit to cve-2023-1671. So there is a test and exploitation function. The test sends a ping request to the dnslog domain from the vulnerable site. If the ping passes, the vulnerability exists, if it doesn't, then cve-2023-1671 is missing. The exploit function, on the other hand, sends a request with your command to the server.
Сve-2023-1671
How does cve-2023-1671(cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2023-1671 ) work?
/opt/ws/bin/ftsblistpack is a Perl script that calls /opt/ws/bin/sblistpack, which is another Perl script
The shell command arguments in it are enclosed in single quotes:
$rc += system("$sblistpack '$uri' '$user' '$filetype' '