Add Serviio Media Server checkStreamUrl Command Execution #8347
This PR adds an exploit module for Serviio Media Server.
This module exploits an unauthenticated remote command execution vulnerability
The console service (on port 23423 by default) exposes a REST API which
The 'action' API endpoint does not sufficiently sanitize user-supplied data
This module has been tested successfully on Serviio Media Server versions
To follow; when I feel like it.
The exploits/windows/http/serviio_checkstreamurl_cmd_exec module has been added to the framework. It exploits a vulnerability in Serviio Media Server. Serviio is a free media server that allows you to stream video, audio, and images. The console service in Serviio exposes a REST API that allows a remote user to execute system commands, which can be abused to gain arbitrary remote code execution under the context of SYSTEM (on Windows).