728x90

Katello (Red Hat Satellite) users/update_roles Missing Authorization

This module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.

Module Name

auxiliary/admin/http/katello_satellite_priv_esc

Authors

Ramon de C Valle <rcvalle [at] metasploit.com>

References

Reliability

Normal

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


      msf > use auxiliary/admin/http/katello_satellite_priv_esc
      msf auxiliary(katello_satellite_priv_esc) > show actions
            ...actions...
      msf auxiliary(katello_satellite_priv_esc) > set ACTION <action-name>
      msf auxiliary(katello_satellite_priv_esc) > show options
            ...show and set options...
      msf auxiliary(katello_satellite_priv_esc) > run

728x90

저작자표시 비영리 변경금지

'Metasploit ' 카테고리의 다른 글

LifeSize UVC Authenticated RCE via Ping (0)	2014.03.28
FreePBX config.php Remote Code Execution (0)	2014.03.28
Firefox Gather Cookies from Privileged Javascript Shell (0)	2014.03.28
quantum vmPRO backdoor (0)	2014.03.27
Firefox Exec Shellcode from Privileged Javascript Shell (0)	2014.03.27

일상 생활의 보안

Katello (Red Hat Satellite) users/update_roles Missing Authorization

Katello (Red Hat Satellite) users/update_roles Missing Authorization

Module Name

Authors

References

Reliability

Development

Module Options

'Metasploit ' 카테고리의 다른 글

티스토리툴바

Katello (Red Hat Satellite) users/update_roles Missing Authorization

Katello (Red Hat Satellite) users/update_roles Missing Authorization

Module Name

Authors

References

Reliability

Development

Module Options

'Metasploit ' 카테고리의 다른 글

'Metasploit ' Related Articles

티스토리툴바