module
Dolibarr ERP/CRM Post-Auth OS Command Injection
| Disclosed | Created |
|---|---|
| Apr 6, 2012 | May 30, 2018 |
Disclosed
Apr 6, 2012
Created
May 30, 2018
Description
This module exploits a vulnerability found in Dolibarr ERP/CRM 3's
backup feature. This software is used to manage a company's business
information such as contacts, invoices, orders, stocks, agenda, etc.
When processing a database backup request, the export.php function
does not check the input given to the sql_compat parameter, which allows
a remote authenticated attacker to inject system commands into it,
and then gain arbitrary code execution.
backup feature. This software is used to manage a company's business
information such as contacts, invoices, orders, stocks, agenda, etc.
When processing a database backup request, the export.php function
does not check the input given to the sql_compat parameter, which allows
a remote authenticated attacker to inject system commands into it,
and then gain arbitrary code execution.
Authors
Nahuel Grisolia nahuel@cintainfinita.com.ar
sinn3r sinn3r@metasploit.com
sinn3r sinn3r@metasploit.com
Platform
Linux,Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.