
Cockpit CMS NoSQLi to RCE

Disclosed
Apr 13, 2021

Description

This module exploits two NoSQLi vulnerabilities to retrieve the user list
and the password reset tokens from the system. Next, the account given by USER is
targeted for a password reset.
A command injection vulnerability is then used to execute the payload.
While it is possible to upload a payload and execute it, the command injection
provides a method that writes nothing to disk and is therefore stealthier.
Cockpit CMS 0.10.0 - 0.11.1, inclusive, contain all the vulnerabilities necessary
for exploitation.