module

openSIS Unauthenticated PHP Code Execution

Disclosed
Jun 30, 2020
Created
Jul 4, 2020

Description

This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions
which could be abused by unauthenticated attackers to execute arbitrary PHP code
with the permissions of the webserver. The exploit chain abuses an incorrect access
control issue which allows access to scripts which should require the user to be
authenticated, and a Local File Inclusion to reach a SQL injection vulnerability which
results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

Author

EgiX

Platform

PHP

Architectures

php

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use exploit/unix/webapp/opensis_chain_exec
msf exploit(opensis_chain_exec) > show targets
...targets...
msf exploit(opensis_chain_exec) > set TARGET < target-id >
msf exploit(opensis_chain_exec) > show options
...show and set options...
msf exploit(opensis_chain_exec) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.