dnaLIMS Admin Module Command Execution
This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request.
Module Name
exploit/linux/http/dnalims_admin_exec
Authors
- h00die <mike [at] shorebreaksecurity.com>
- flakey_biscuit <nicholas [at] shorebreaksecurity.com>
References
Targets
- Automatic Target
Platforms
- linux
- unix
Architectures
- cmd
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/dnalims_admin_exec
msf exploit(dnalims_admin_exec) > show targets
...targets...
msf exploit(dnalims_admin_exec) > set TARGET <target-id>
msf exploit(dnalims_admin_exec) > show options
...show and set options...
msf exploit(dnalims_admin_exec) > exploit