module

Narcissus Image Configuration Passthru Vulnerability

Disclosed
2012-11-14
Created
2018-05-30

Description

This module exploits a vulnerability found in Narcissus image configuration
function. This is due to the backend.php file not handling the $release parameter
properly, and then passes it on to the configure_image() function. In this
function, the $release parameter can be used to inject system commands for
passthru (a PHP function that's meant to be used to run a bash script by the
vulnerable application), which allows remote code execution under the context
of the web server.

Authors

Dun
sinn3r sinn3r@metasploit.com

Platform

Linux,Unix

Architectures

cmd

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/unix/webapp/narcissus_backend_exec
msf exploit(narcissus_backend_exec) > show targets
...targets...
msf exploit(narcissus_backend_exec) > set TARGET < target-id >
msf exploit(narcissus_backend_exec) > show options
...show and set options...
msf exploit(narcissus_backend_exec) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.