module
Xymon useradm Command Execution
| Disclosed | Created |
|---|---|
| 2016-02-14 | 2019-07-12 |
Disclosed
2016-02-14
Created
2019-07-12
Description
This module exploits a command injection vulnerability in Xymon
versions before 4.3.25 which allows authenticated users
to execute arbitrary operating system commands as the web
server user.
When adding a new user to the system via the web interface with
`useradm.sh`, the user's username and password are passed to
`htpasswd` in a call to `system()` without validation.
This module has been tested successfully on Xymon version 4.3.10
on Debian 6.
versions before 4.3.25 which allows authenticated users
to execute arbitrary operating system commands as the web
server user.
When adding a new user to the system via the web interface with
`useradm.sh`, the user's username and password are passed to
`htpasswd` in a call to `system()` without validation.
This module has been tested successfully on Xymon version 4.3.10
on Debian 6.
Authors
Markus Krell
bcoles bcoles@gmail.com
bcoles bcoles@gmail.com
Platform
BSD,Linux,Solaris,Unix
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.