Remove harmful default command to execute #10997

Merged
merged 1 commit into from Nov 21, 2018

@dmyates
Contributor

dmyates commented Nov 21, 2018

This change removes the default command to execute from the payload php/exec, which would (attempt to) overwrite /etc/passwd with a single UID 0 user named toor. This doesn't seem like a very useful default.

@busterb busterb self-assigned this Nov 21, 2018

@busterb

Contributor

busterb commented Nov 21, 2018

This is fine, thanks @dmyates

@busterb busterb merged commit e706e2b into rapid7:master Nov 21, 2018

2 of 3 checks passed

Metasploit Automation - Sanity Test Execution: Running automation sanity tests. Details available on completion.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

busterb added a commit that referenced this pull request Nov 21, 2018

@busterb

Contributor

busterb commented Nov 21, 2018

Release Notes

This removes the default command string for the php/exec payload, requiring the user to specify one instead. This prevents the user from accidentally overwriting the /etc/passwd file on the target if the exploit is sufficiently privileged.

msjenkins-r7 added a commit that referenced this pull request Nov 21, 2018

@dmyates dmyates deleted the dmyates:patch-1 branch Nov 22, 2018
