Add Module Trend Micro IMSVA Remote Code Execution #7969
This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user, which is root. Besides, the default installation of IMSVA comes with default administrator credentials.
All the details required for installation are located in the .md file.
List the steps needed to make sure this thing works
I would like to thank @wvu-r7, who helped me find the workaround for the payload on IRC. The double quote was blacklisted at the application layer, so I needed to find a way to pass the payload to the following command without surrounding it with double quotes
The trick is we are using Single, Backslash, Single, Single on our payload. I know it's been a while since we discussed this case on IRC, but the vendor finally released a patch!
@wchen-r7 which virtualisation application do you use? If you're using VMware, please do NOT choose the easy install option.
Once you have downloaded the ISO and started the installation, you should get an installation screen which really looks like CentOS (it's actually customized CentOS).
There are several things that may be important. The following steps were tested on VMware Fusion.
IP Address: 18.104.22.168 (I was sure it was empty and not reserved by DHCP)
You may get a warning that says DNS is out of your network, but don't care, keep moving.
Once the installation is completed, the system will reboot and then you should see the following screen.
Thanks for the instructions, and sorry for the long delay. The exploit works perfectly for me:
I will land it now. Thanks!