module
Kimai v0.9.2 'db_restore.php' SQL Injection
| Disclosed | Created |
|---|---|
| 2013-05-21 | 2018-05-30 |
Disclosed
2013-05-21
Created
2018-05-30
Description
This module exploits a SQL injection vulnerability in Kimai version
0.9.2.x. The 'db_restore.php' file allows unauthenticated users to
execute arbitrary SQL queries. This module writes a PHP payload to
disk if the following conditions are met: The PHP configuration must
have 'display_errors' enabled, Kimai must be configured to use a
MySQL database running on localhost; and the MySQL user must have
write permission to the Kimai 'temporary' directory.
0.9.2.x. The 'db_restore.php' file allows unauthenticated users to
execute arbitrary SQL queries. This module writes a PHP payload to
disk if the following conditions are met: The PHP configuration must
have 'display_errors' enabled, Kimai must be configured to use a
MySQL database running on localhost; and the MySQL user must have
write permission to the Kimai 'temporary' directory.
Authors
drone
bcoles bcoles@gmail.com
bcoles bcoles@gmail.com
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.