Showing 1 - 2 of 2

Files from mhaskar

First Active	2019-06-04
Last Active	2019-11-07

rConfig 3.9.2 Command Injection: Posted Nov 7, 2019; Authored by Brendan Coles, mhaskar | Site metasploit.com; This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).; tags | exploit, web, arbitrary, php; systems | linux, centos; advisories | CVE-2019-16662; SHA-256 | c186325528acbfb5de4f3fa7f089b9e55a0ed4689c4440a3e05bf3134759a1f7; Download | Favorite | View

LibreNMS addhost Command Injection: Posted Jun 4, 2019; Authored by Shelby Pace, mhaskar | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the popen function in capture.inc.php, which can result in execution of arbitrary code. This module requires authentication to LibreNMS first.; tags | exploit, arbitrary, shell, php; advisories | CVE-2018-20434; SHA-256 | 8fd9521e1c38f9ad21b8611a1a79a4fa7ccda2ca71da5acfd86ca9767c9411ae; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days