Submission of New Exploit Module for Vinchin Backup & Recovery Command Injection #18542
As I understand, this won't let the user choose the payload he wants to use. Instead, you can use `payload.encode` to include the payload set up by the user with `set PAYLOAD ...`. Note that you will probably need some filtering and sanitization, since I believe some special characters would break the command.

A more complete and flexible option is to make the code compatible with Fetch Payloads and Command Stagers, which allow the use of Meterpreter payloads, along with standard command payloads.

Please refer to this documentation for details:

Also, feel free to ask if you have issues with this. I would be happy to help.

I'm not sure I understand: what is `target_uri.path.split('/')[0]` supposed to return?

It will always return an empty string if the `TARGETURI` value starts with '/':

If there is no '/', it will return the first path only:

Does a status code different than 200 mean it failed? If so, it would be interesting to add a check and return early: