Add new module linuxki_rce - CVE-2020-7209 #13537
Conversation
Please run:
- rubocop -a on your ruby file
- tools/dev/msftidy.rb on your ruby file
- tools/dev/msftidy_docs.rb on your markdown file.
That will address many of the changes needed. I've added a few more items as well. Good first time contribution though!
CmdStager included
Okay
Please add a Linux command stager
@numanturle, thanks for this PR. This is a great first contribution! I just added a few comments for you to look at.
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
@numanturle, these changes look good to me. Thanks! Regarding your question (here), do you still plan to add default payload to each target and be automatically selected when the target changes? If not, I will go ahead and land it.
@h00die, it looks like the changes you requested were made (still pending approval). Are we good to land?
A few doc cleanup items. @cdelafuente-r7 you can prob make these changes when landing as they're super minor.
Other than those few doc changes I just added, I'm happy with it.
default payload added
I added default payloads 👍
I tested this exploit against LinuxKI Toolset v6.01 on an x64 CentOS 7.8.2003 virtual machine.
Example output
@numanturle, thanks for this great contribution! I will go ahead and land it today.
I am learning new things and enjoying it very much. ❤️
Release Notes
The LinuxKI Toolset 6.01 Remote Command Execution module exploits an RCE in LinuxKI Toolset v6.01 and earlier. This vulnerability is related to improper input validation of an HTTP GET parameter. An attacker can leverage this to execute arbitrary commands in the context of the webserver. This vulnerability is identified as CVE-2020-7209.
LinuxKI Toolset v6.0-1 and earlier is vulnerable to remote code execution. The point where the security vulnerability is triggered is the kivis.php pid parameter.
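The description above identifies the trigger point as the pid parameter of kivis.php. From the defender's side, the most useful consequence is that a process id should only ever be a decimal integer, so any request to kivis.php whose pid value is anything else is an anomaly worth reviewing. The following Ruby script is an added example, not part of this PR or of the Metasploit module; it assumes Apache/nginx combined log format, that the script name in the request path is kivis.php, and that a legitimate pid is purely numeric. The log lines in it are constructed for the example.

```ruby
require 'cgi'

# Apache/nginx "combined" log format (assumed for this example):
# client ident user [time] "METHOD target HTTP/x" status bytes "referer" "agent"
LOG_LINE = /\A(?<client>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+) [^"]*" (?<status>\d{3})/

# Parse a raw query string into a Hash, percent-decoding keys and values.
# Splits on '&' only, so a ';' inside a value is kept rather than treated as a
# parameter separator (CGI.parse would split on ';' too).
def query_params(query)
  query.to_s.split('&').each_with_object({}) do |pair, params|
    next if pair.empty?
    key, value = pair.split('=', 2)
    params[CGI.unescape(key)] = CGI.unescape(value.to_s)
  end
end

# Return the decoded pid value when the request target is kivis.php with a pid
# parameter; nil for any other request.
def kivis_pid(target)
  path, query = target.split('?', 2)
  return nil unless File.basename(path).casecmp?('kivis.php')
  query_params(query)['pid']
end

# Assumption: a process id is a plain decimal integer, so anything else in the
# pid parameter is anomalous for this endpoint.
def suspicious_pid?(value)
  !value.nil? && !value.match?(/\A\d+\z/)
end

# Walk log lines and collect kivis.php requests whose pid is not numeric.
def flag_suspicious_kivis_requests(lines)
  lines.each_with_object([]) do |line, hits|
    m = LOG_LINE.match(line)
    next unless m
    pid = kivis_pid(m[:target])
    next unless suspicious_pid?(pid)
    hits << { client: m[:client], time: m[:time], method: m[:method],
              pid: pid, status: m[:status].to_i }
  end
end

# Constructed sample log: one normal kivis.php request, one with a non-numeric
# pid, and two unrelated requests.
SAMPLE_LOG = [
  '192.0.2.10 - - [10/Jun/2020:14:02:11 +0000] "GET /linuxki/kivis.php?pid=4242 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.10 - - [10/Jun/2020:14:02:40 +0000] "GET /linuxki/kivis.php?pid=4242%3Bid HTTP/1.1" 200 812 "-" "curl/7.64.0"',
  '198.51.100.7 - - [10/Jun/2020:14:03:02 +0000] "GET /linuxki/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [10/Jun/2020:14:03:30 +0000] "POST /linuxki/kivis.php HTTP/1.1" 200 100 "-" "curl/7.64.0"'
].freeze

if $PROGRAM_NAME == __FILE__
  flag_suspicious_kivis_requests(SAMPLE_LOG).each do |hit|
    puts "#{hit[:time]} #{hit[:client]} #{hit[:method]} kivis.php pid=#{hit[:pid].inspect} status=#{hit[:status]}"
  end
end
```

Run it against a real access log with `flag_suspicious_kivis_requests(File.readlines('access.log', chomp: true))`. The check is deliberately narrow: it does not try to recognise command syntax, it only asks whether the value could be a pid at all, which is the same question the application's input validation should have asked.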
Verification
- Start msfconsole
- use exploit/linux/http/linuxki_rce
- show TARGETS
- set TARGET <id>
- set RHOST <target_ip>
- set RPORT <target_port>
- check
- set LHOST <your_ip>
- set LPORT <your_port>
- exploit
Scenarios