Add WANem v2.3 command execution #772

Merged
merged 1 commit into from Sep 8, 2012

@bcoles bcoles commented Sep 8, 2012

Add WANem v2.3 command execution exploit module

  • Remote root
  • Tested on WANem v2.3

WANem v2.3 command execution exploit

@jvazquez-r7 jvazquez-r7 commented Sep 8, 2012

Thanks bcoles! Looking into this!

@wchen-r7 wchen-r7 commented Sep 8, 2012

Nice. Works for me.

@wchen-r7 wchen-r7 merged commit f026591 into rapid7:master Sep 8, 2012

@jvazquez-r7 jvazquez-r7 commented on f026591 Sep 8, 2012

Maybe Rex::Text.uri_encode could be used. I haven't tested.

@jvazquez-r7 jvazquez-r7 commented on f026591 Sep 8, 2012

An "echo" injection could be used to test if the application is really vulnerable :)

@jvazquez-r7 jvazquez-r7 commented on f026591 Sep 8, 2012

Is it right even when privileges are acquired after exploitation? Compatible payload doesn't require privileges, but not sure if this "true" is fully correct. Anyway not a big concern :P

3 participants