Vulnerability & Exploit Database

Back to search

Dexter (CasinoLoader) SQL Injection

This module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/http/dexter_casinoloader_exec

Authors

  • bwall (Brian Wallace) <bwallace [at] cylance.com>

References

Targets

  • CasinoLoader gateway.php

Platforms

  • php

Architectures

  • php

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/http/dexter_casinoloader_exec msf exploit(dexter_casinoloader_exec) > show targets ...targets... msf exploit(dexter_casinoloader_exec) > set TARGET <target-id> msf exploit(dexter_casinoloader_exec) > show options ...show and set options... msf exploit(dexter_casinoloader_exec) > exploit