RabidHamster R4 Log Entry sprintf() Buffer Overflow
This module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
- Luigi Auriemma
- sinn3r <sinn3r [at] metasploit.com>
- R4 v1.25
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/windows/http/rabidhamster_r4_log msf exploit(rabidhamster_r4_log) > show targets ...targets... msf exploit(rabidhamster_r4_log) > set TARGET <target-id> msf exploit(rabidhamster_r4_log) > show options ...show and set options... msf exploit(rabidhamster_r4_log) > exploit