Vulnerability & Exploit Database

Back to search

Apache Continuum Arbitrary Command Execution

This module exploits a command injection in Apache Continuum <= 1.4.2. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/apache_continuum_cmd_exec

Authors

  • David Shanahan
  • wvu <wvu [at] metasploit.com>

References

Targets

  • Apache Continuum <= 1.4.2

Platforms

  • linux

Architectures

  • x86
  • x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/apache_continuum_cmd_exec msf exploit(apache_continuum_cmd_exec) > show targets ...targets... msf exploit(apache_continuum_cmd_exec) > set TARGET <target-id> msf exploit(apache_continuum_cmd_exec) > show options ...show and set options... msf exploit(apache_continuum_cmd_exec) > exploit