Add WANem v2.3 command execution #772

Merged
merged 1 commit into from Sep 8, 2012

bcoles commented Sep 8, 2012

Add WANem v2.3 command execution exploit module

  • Remote root
  • Tested on WANem v2.3

WANem v2.3 command execution exploit

jvazquez-r7 commented Sep 8, 2012

Thanks bcoles! Looking into this!

wchen-r7 commented Sep 8, 2012

Nice. Works for me.

wchen-r7 merged commit f026591 into rapid7:master Sep 8, 2012

jvazquez-r7 commented on modules/exploits/linux/http/wanem_exec.rb in f026591 Sep 8, 2012

Maybe Rex::Text.uri_encode could be used. I haven't tested.

jvazquez-r7 commented on modules/exploits/linux/http/wanem_exec.rb in f026591 Sep 8, 2012

An "echo" injection could be used to test if the application is really vulnerable :)

jvazquez-r7 commented on modules/exploits/linux/http/wanem_exec.rb in f026591 Sep 8, 2012

Is it right even when privileges are acquired after exploitation? Compatible payload doesn't require privileges, but not sure if this "true" is fully correct. Anyway not a big concern :P
