Module for CVE-2014-5519, phpwiki/ploticus RCE #3799
[ | ||
[ 'CVE', '2014-5519' ], | ||
[ 'OSVDB', '110576' ], | ||
[ 'URL', 'http://www.exploit-db.com/exploits/34451/'] |
For Exploit-DB, you can use EDB instead of URL.
See all the identifiers you can use:
https://github.com/rapid7/metasploit-framework/wiki/Metasploit-module-reference-identifiers
Use EDB instead of URL for Exploit-DB. Remove peer variable as peer comes from HttpClient.
I am having trouble setting up this app. I keep getting this:
I find no function WikiDB_backend_dbaBase. Looks like a broken build?
Never mind. I figured it out. It is indeed a broken build. Looks like it's meant to call the parent method.
Filed a ticket for the bug I hit:
It looks like 1.5.0 is patched. I haven't really looked into the actual fix, but the exploit will trigger errors complaining about accessing protected methods... I am guessing that is the "patch".
The actual fix might be this:
Exploit verified:
Landing the PR in a bit. Made minor edits to msftidy and added two more references for bug tracking purposes.
Description
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection. Discovery and POC done by Benjamin Harris.
Links
http://www.exploit-db.com/exploits/34451/
http://www.cvedetails.com/cve/CVE-2014-5519/
http://seclists.org/fulldisclosure/2014/Aug/77
Reproduction steps
Tests