Description
This module exploits an authenticated RCE in Cayin CMS <= 11.0. The RCE is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.
Module options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/cayin_cms_ntpmsf undefined(cayin_cms_ntp) > show actions ...actions...msf undefined(cayin_cms_ntp) > set ACTION < action-name >msf undefined(cayin_cms_ntp) > show options ...show and set options...msf undefined(cayin_cms_ntp) > runPrioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub