• Close
  • Back to search

    FreePBX config.php Remote Code Execution

    This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".

    Free Metasploit Download

    Get your copy of the world's leading penetration testing tool

     Download Now

    Module Name

    exploit/unix/webapp/freepbx_config_exec

    Authors

    • i-Hmx
    • 0x00string
    • xistence <xistence [at] 0x90.nl>

    References

    Targets

    • FreePBX

    Platforms

    • unix

    Architectures

    • cmd

    Reliability

    Development

    Module Options

    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/unix/webapp/freepbx_config_exec msf exploit(freepbx_config_exec) > show targets ...targets... msf exploit(freepbx_config_exec) > set TARGET <target-id> msf exploit(freepbx_config_exec) > show options ...show and set options... msf exploit(freepbx_config_exec) > exploit