module
Narcissus Image Configuration Passthru Vulnerability
| Disclosed | Created |
|---|---|
| 2012-11-14 | 2018-05-30 |
Disclosed
2012-11-14
Created
2018-05-30
Description
This module exploits a vulnerability found in Narcissus image configuration
function. This is due to the backend.php file not handling the $release parameter
properly, and then passes it on to the configure_image() function. In this
function, the $release parameter can be used to inject system commands for
passthru (a PHP function that's meant to be used to run a bash script by the
vulnerable application), which allows remote code execution under the context
of the web server.
function. This is due to the backend.php file not handling the $release parameter
properly, and then passes it on to the configure_image() function. In this
function, the $release parameter can be used to inject system commands for
passthru (a PHP function that's meant to be used to run a bash script by the
vulnerable application), which allows remote code execution under the context
of the web server.
Authors
Dun
sinn3r [email protected]
sinn3r [email protected]
Platform
Linux,Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.