Katello (Red Hat Satellite) users/update_roles Missing Authorization
This module exploits a missing authorization vulnerability in the "update_roles" action of the "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
Module Name
auxiliary/admin/http/katello_satellite_priv_esc
Authors
- Ramon de C Valle <rcvalle [at] metasploit.com>
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/admin/http/katello_satellite_priv_esc
msf auxiliary(katello_satellite_priv_esc) > show actions
...actions...
msf auxiliary(katello_satellite_priv_esc) > set ACTION <action-name>
msf auxiliary(katello_satellite_priv_esc) > show options
...show and set options...
msf auxiliary(katello_satellite_priv_esc) > run