Vulnerability & Exploit Database

Back to search

Trend Micro Smart Protection Server Exec Remote Code Injection

This module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/trendmicro_sps_exec

Authors

  • Quentin Kaiser <kaiserquentin [at] gmail.com>

References

Targets

  • Linux

Platforms

  • linux

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/trendmicro_sps_exec msf exploit(trendmicro_sps_exec) > show targets ...targets... msf exploit(trendmicro_sps_exec) > set TARGET <target-id> msf exploit(trendmicro_sps_exec) > show options ...show and set options... msf exploit(trendmicro_sps_exec) > exploit