module
Dexter (CasinoLoader) SQL Injection
| Disclosed | Created |
|---|---|
| Feb 8, 2014 | May 30, 2018 |
Disclosed
Feb 8, 2014
Created
May 30, 2018
Description
This module exploits a vulnerability found in the command and control panel
used to control Dexter (Point of Sale malware). This is done by accessing the
PHP page used by bots to report in (gateway.php) which does not sanitize input.
Input is encrypted and encoded, but the key is supplied by the bot connecting.
The 'page' parameter is used in this case. The command and control panel designates
a location to upload files, and can be used as a reliable location to write a
PHP shell. Authentication is not needed to exploit this vulnerability.
used to control Dexter (Point of Sale malware). This is done by accessing the
PHP page used by bots to report in (gateway.php) which does not sanitize input.
Input is encrypted and encoded, but the key is supplied by the bot connecting.
The 'page' parameter is used in this case. The command and control panel designates
a location to upload files, and can be used as a reliable location to write a
PHP shell. Authentication is not needed to exploit this vulnerability.
Author
bwall (Brian Wallace) bwallace@cylance.com
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.