728x90

FreePBX config.php Remote Code Execution

This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".

Module Name

exploit/unix/webapp/freepbx_config_exec

Authors

i-Hmx
0x00string
xistence <xistence [at] 0x90.nl>

References

Targets

FreePBX

Platforms

unix

Architectures

Reliability

Excellent

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


      msf > use exploit/unix/webapp/freepbx_config_exec
      msf exploit(freepbx_config_exec) > show targets
            ...targets...
      msf exploit(freepbx_config_exec) > set TARGET <target-id>
      msf exploit(freepbx_config_exec) > show options
            ...show and set options...
      msf exploit(freepbx_config_exec) > exploit

728x90

저작자표시 비영리 변경금지

'Metasploit ' 카테고리의 다른 글

Safari User-Assisted Download and Run Attack (0)	2014.03.28
LifeSize UVC Authenticated RCE via Ping (0)	2014.03.28
Katello (Red Hat Satellite) users/update_roles Missing Authorization (0)	2014.03.28
Firefox Gather Cookies from Privileged Javascript Shell (0)	2014.03.28
quantum vmPRO backdoor (0)	2014.03.27

일상 생활의 보안

FreePBX config.php Remote Code Execution

FreePBX config.php Remote Code Execution

Module Name

Authors

References

Targets

Platforms

Architectures

Reliability

Development

Module Options

'Metasploit ' 카테고리의 다른 글

티스토리툴바

FreePBX config.php Remote Code Execution

FreePBX config.php Remote Code Execution

Module Name

Authors

References

Targets

Platforms

Architectures

Reliability

Development

Module Options

'Metasploit ' 카테고리의 다른 글

'Metasploit ' Related Articles

티스토리툴바