module
Cayin xPost wayfinder_seqid SQLi to RCE
Disclosed | Created |
---|---|
2020-06-04 | 2020-06-18 |
Disclosed
2020-06-04
Created
2020-06-18
Description
This module exploits an unauthenticated SQLi in Cayin xPost wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected
with a blind SQLi. Since this app bundles MySQL and apache Tomcat the
environment is pretty static and therefore the default settings should
work. Results in SYSTEM level access.
Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads
seem to be valid.
with a blind SQLi. Since this app bundles MySQL and apache Tomcat the
environment is pretty static and therefore the default settings should
work. Results in SYSTEM level access.
Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads
seem to be valid.
Authors
h00die
Gjoko Krstic (LiquidWorm) gjoko@zeroscience.mk
Gjoko Krstic (LiquidWorm) gjoko@zeroscience.mk
Platform
Java,Windows
Architectures
java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.