dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/exploit/linux/http
History
Jack Heysel 2b90d33aef
Land #18618, Add OpenNMS privesc and auth RCE 
This module exploits built-in functionality in OpenNMS Horizon in order
to execute arbitrary commands as the opennms user. For versions 32.0.2
and higher, this module requires valid credentials for a user with
ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST.
For versions 32.0.1 and lower, credentials are required for a user with
ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges.
 		2024-03-20 12:54:16 -07:00
..
alienvault_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
apache_airflow_dag_rce.md Move module and documentation from multi/http to linux/http 2023-09-17 22:42:26 +08:00
apache_couchdb_cmd_exec.md remove and check for instruction text 2020-03-24 09:15:04 -04:00
apache_druid_js_rce.md Update apache_druid_js_rce.md 2021-04-10 10:43:00 +08:00
apache_nifi_h2_rce.md apache nifi h2 rce 2023-08-08 17:44:35 -04:00
apache_ofbiz_deserialization.md fix ofbiz auto detection 2024-02-06 16:45:02 -05:00
apache_ofbiz_deserialization_soap.md remove spare comma 2021-04-05 09:33:20 -05:00
apache_spark_rce_cve_2022_33891.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
apache_superset_cookie_sig_rce.md superset rce more stable 2023-09-15 16:29:05 -04:00
artica_proxy_auth_bypass_service_cmds_peform_command_injection.md Remove AUTH_BYPASS target 2020-09-15 01:51:34 +02:00
asuswrt_lan_rce.md Add sploit doc 2018-02-20 19:35:10 +00:00
axis_app_install.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
axis_srv_parhand_rce.md Add documentation and a new reference 2018-07-25 14:44:44 -05:00
bitbucket_git_cmd_injection.md add documentation 2022-09-20 18:45:48 -05:00
bludit_upload_images_exec.md Fix typos and format 2019-11-11 14:47:56 -06:00
cacti_unauthenticated_cmd_injection.md fix typo and add credit for discovery 2022-12-23 11:11:31 +02:00
cayin_cms_ntp.md cleanup 2020-06-12 10:46:44 -04:00
centreon_pollers_auth_rce.md fix somes code review comments. 2020-03-15 13:30:23 +04:00
centreon_useralias_exec.md Fix uneven quotes in various documentation files 2017-08-26 19:12:48 -05:00
chamilo_unauth_rce_cve_2023_34960.md Final minor updates 2023-08-23 11:38:07 +00:00
cisco_asax_sfr_rce.md Added module for CVE-2022-20828 2022-08-19 12:29:37 -07:00
cisco_firepower_useradd.md typo fixes in cisco_firepower_useradd.md 2019-01-10 10:47:53 +01:00
cisco_hyperflex_file_upload_rce.md Cisco HyperFlex File Upload RCE module 2021-06-17 12:38:47 -04:00
cisco_hyperflex_hx_data_platform_cmd_exec.md Backport print changes to recent modules 2021-07-08 21:26:35 -05:00
cisco_prime_inf_rce.md Update cisco_prime_inf_rce.md 2018-10-15 22:37:47 +07:00
cisco_rv32x_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
cisco_rv340_lan.md Fix up remaining review comments 2023-02-13 15:07:25 -06:00
cisco_rv_series_authbypass_and_rce.md Update documentation/modules/exploit/linux/http/cisco_rv_series_authbypass_and_rce.md 2022-02-01 06:41:26 -05:00
cisco_ucs_cloupia_script_rce.md Add Cisco UCS Director Cloupia script RCE 2020-06-02 22:13:07 -05:00
cisco_ucs_rce.md module doc standardizations 2020-01-20 21:26:59 -05:00
control_web_panel_login_cmd_exec.md Fix a typo 2023-01-25 13:45:18 -05:00
cpi_tararchive_upload.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
craftcms_unauth_rce_cve_2023_41892.md Some minor changes to the module and documentation 2023-12-18 08:23:16 +00:00
cve_2019_1663_cisco_rmi_rce.md Updated documentation. 2019-07-27 11:09:34 +02:00
dcos_marathon.md example output to scenarios 2020-01-16 11:41:12 -05:00
denyall_waf_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
dlink_dir850l_unauth_exec.md Clean up module 2017-11-10 18:15:22 -06:00
dlink_dsl2750b_exec_noauth.md Fixing documentation, improving exploits code 2018-05-20 12:55:46 -04:00
dlink_dwl_2600_command_injection.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
docker_daemon_tcp.md example output to scenarios 2020-01-16 11:41:12 -05:00
elfinder_archive_cmd_injection.md escapeshellcmd -> escapeshellarg 2021-09-09 17:28:05 -05:00
epmp1000_get_chart_cmd_shell.md sample output to scenarios 2020-01-16 11:15:06 -05:00
epmp1000_ping_cmd_shell.md sample output to scenarios 2020-01-16 11:15:06 -05:00
eyesofnetwork_autodiscovery_rce.md Minor doc changes, add module notes and SQLi progress output 2020-05-21 16:31:45 -04:00
f5_bigip_tmui_rce_cve_2020_5902.md Rename the other TMUI RCE module 2023-11-01 16:55:42 -04:00
f5_bigip_tmui_rce_cve_2023_46747.md Add check code annotations, update AJP link 2023-11-02 08:53:56 -04:00
f5_icontrol_rce.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
f5_icontrol_rest_ssrf_rce.md Add module doc 2021-03-31 14:02:32 -05:00
f5_icontrol_rpmspec_rce_cve_2022_41800.md Check in exploit module for CVE-2022-41800 2022-11-16 12:04:18 -08:00
f5_icontrol_soap_csrf_rce_cve_2022_41622.md Check in exploit script for CVE-2022-41622 (CSRF into SOAP) 2022-11-16 11:58:15 -08:00
flir_ax8_unauth_rce_cve_2022_37061.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
fortinac_keyupload_file_write.md Update documentation to provide better installation instructions 2023-03-14 10:13:27 -05:00
fortinet_authentication_bypass_cve_2022_40684.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
froxlor_log_path_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
geutebruck_cmdinject_cve_2021_335xx.md Add in documentation and module code cleanness improvements and also make the output easier for readers to understand should something fail midway through. 2021-08-31 18:24:57 -05:00
geutebruck_instantrec_bof.md Add CVE-2021-33549 exploit for Geutebruck G-CAM 2021-08-27 01:28:26 +01:00
geutebruck_testaction_exec.md Minor updates to the documentation to reflect the fact that the username and password could be something other than root/admin 2020-08-17 09:12:02 -05:00
github_enterprise_secret.md spelling change per review 2022-11-23 13:26:19 -06:00
glinet_unauth_rce_cve_2023_50445.md Capitalize remaining references to Meterpreter 2024-01-23 13:11:03 -05:00
glpi_htmlawed_php_injection.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
goahead_ldpreload.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
goautodial_3_rce_code_injection.md verification to verification steps 2020-01-16 10:41:12 -05:00
grandstream_gxv31xx_settimezone_unauth_cmd_exec.md Add support for GXV3140 models and ARCH_CMD busybox telnetd payload 2022-01-29 19:38:57 +00:00
grandstream_ucm62xx_sendemail_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
gravcms_exec.md Update documentation 2021-05-04 14:12:48 +02:00
h2_webinterface_rce.md h2 doc addition 2023-08-08 17:15:22 -04:00
hadoop_unauth_exec.md Change docs to reflect the truth of the "vuln" 2020-11-16 11:38:00 -06:00
hikvision_cve_2021_36260_blind.md Fixed a couple of typos. Changed a CheckCode. Randomized the replaced tmp file name 2022-02-24 06:38:36 -08:00
hp_van_sdn_cmd_inject.md Don't be lazy and spell out "introduction" in docs 2019-09-30 16:58:00 -05:00
huawei_hg532n_cmdinject.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
ibm_drm_rce.md Update IBM DRM RCE docs 2020-06-26 11:29:59 +07:00
ibm_qradar_unauth_rce.md add module docs 2018-07-10 11:51:57 -05:00
imperva_securesphere_exec.md Update to use CmdStager 2019-01-08 20:07:35 -08:00
ipfire_bashbug_exec.md doc/module cleanup 2016-05-30 06:33:48 -04:00
ipfire_oinkcode_exec.md module working and docs 2017-06-14 21:15:56 -04:00
ipfire_pakfire_exec.md added cve 2021-06-10 09:35:42 -05:00
ipfire_proxy_exec.md md fix 2016-05-30 10:25:49 -04:00
ivanti_connect_secure_rce_cve_2023_46805.md Update documentation/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805.md 2024-01-18 09:18:28 +00:00
ivanti_connect_secure_rce_cve_2024_21893.md remove the linux and unix targets in favor of a single automatic target 2024-02-09 09:26:08 +00:00
ivanti_csa_unauth_rce_cve_2021_44529.md Apply fixes per code review 2023-01-17 12:44:22 -06:00
ivanti_sentry_misc_log_service.md Thanks to Spencer improved execute_command method 2023-09-12 15:14:10 -04:00
jenkins_cli_deserialization.md add steps for producing serialized object 2020-09-17 13:58:48 -05:00
kafka_ui_unauth_rce_cve_2023_52251.md added base64 encoder module of zerosteiner 2024-02-14 21:33:50 +00:00
kaltura_unserialize_cookie_rce.md Updates to documentation per h00die 2018-01-23 12:44:39 -06:00
kaltura_unserialize_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
kibana_timelion_prototype_pollution_rce.md kibana exploit 2023-08-24 16:08:08 -04:00
kibana_upgrade_assistant_telemetry_rce.md Update documentation/modules/exploit/linux/http/kibana_upgrade_assistant_telemetry_rce.md 2023-10-06 16:45:52 -04:00
klog_server_authenticate_user_unauth_command_injection.md Add Klog Server authenticate.php user Unauthenticated Command Injection 2021-02-12 17:07:52 +00:00
lexmark_faxtrace_settings.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
librenms_addhost_cmd_inject.md made suggested changes 2019-05-30 14:09:40 -05:00
librenms_collectd_cmd_inject.md finish documentation and module 2019-08-13 09:47:24 -05:00
linear_emerge_unauth_rce_cve_2019_7256.md Fix up missing option in documentation and also add some additional validation on server response. 2023-01-04 17:02:05 -06:00
linksys_wvbr0_user_agent_exec_noauth.md Clarification in product linkage and small syntax fixup in repro steps 2018-01-03 17:00:26 -06:00
linuxki_rce.md Update linuxki_rce.md 2020-06-10 02:13:38 +03:00
logsign_exec.md spelling change per review 2022-11-23 13:26:19 -06:00
lucee_admin_imgprocess_file_write.md Add Lucee Administrator CVE-2021-21307 exploit 2021-08-16 10:09:34 -05:00
magnusbilling_unauth_rce_cve_2023_30258.md third release module with minor text changes 2023-10-31 09:29:13 +00:00
mailcleaner_exec.md Update doc 2019-01-08 13:25:13 -06:00
majordomo_cmd_inject_cve_2023_50917.md Add suggested changes 2023-12-22 00:04:54 +01:00
metabase_setup_token_rce.md metabase setup token rce 2023-08-08 17:16:56 -04:00
microfocus_obr_cmd_injection.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
microfocus_secure_messaging_gateway.md fix install lines 2020-03-24 09:36:17 -04:00
mida_solutions_eframework_ajaxreq_rce.md resolve qa comments 2020-09-11 17:16:10 +00:00
mobileiron_core_log4shell.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
mobileiron_mdm_hessian_rce.md Add module doc 2021-01-22 01:06:14 -06:00
mvpower_dvr_shell_exec.md Add documentation 2017-02-23 07:44:45 +00:00
nagios_xi_autodiscovery_webshell.md Used suggested method for defining user webshell, used suggested depth configuration, and used vars_get in a couple of places 2022-02-08 18:20:03 -08:00
nagios_xi_chained_rce.md Don't be lazy and spell out "introduction" in docs 2019-09-30 16:58:00 -05:00
nagios_xi_chained_rce_2_electric_boogaloo.md Update Docs 2018-06-29 11:08:31 -05:00
nagios_xi_configwizards_authenticated_rce.md Add example for version 5.5.6 with CVE-2021-25297 2023-02-07 14:18:53 -06:00
nagios_xi_magpie_debug.md nagios_xi_magpie_debug: add writable paths, improvements, cleanup, fixes 2021-03-16 07:13:55 +00:00
nagios_xi_mibs_authenticated_rce.md Add in fixes to documentation and module from review 2021-04-16 13:14:17 -05:00
nagios_xi_plugins_check_plugin_authenticated_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
nagios_xi_plugins_filename_authenticated_rce.md Update scenarios in documentation and also update the module to handle cases where the version number may not be in a format that Rex::Text can immediately handle. 2021-04-14 16:32:53 -05:00
nagios_xi_snmptrap_authenticated_rce.md Add in CentOS 7 with NagiosXI 5.6.5 scenario 2021-04-20 14:12:56 -05:00
netgear_dgn1000_setup_unauth_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
netgear_dnslookup_cmd_exec.md Fix broken link 2018-02-02 20:08:38 -05:00
netgear_r7000_cgibin_exec.md Update netgear_r7000_cgibin_exec docs 2018-02-02 20:23:43 -05:00
netgear_unauth_exec.md Minor changes to module, updated documentation. 2018-10-09 20:39:00 +06:30
netsweeper_webadmin_unixlogin.md Add Netsweeper WebAdmin unixlogin.php pre-auth RCE 2020-05-12 08:34:20 -05:00
nexus_repo_manager_el_injection.md Fix nexus_repo_manager_el_injection.md scenario 2020-09-15 13:14:36 -05:00
op5_config_exec.md fixes all previously identified issues 2016-06-15 20:58:04 -04:00
opennms_horizon_authenticated_rce.md Add check to see if notifications are enabled 2024-03-20 11:33:15 -07:00
opentsdb_key_cmd_injection.md Add docs for opentsdb_key_cmd_injection 2023-09-08 16:08:18 +01:00
opentsdb_yrange_cmd_injection.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
optergy_bms_backdoor_rce_cve_2019_7276.md updated module and documentation with SUDO option 2023-03-26 18:31:25 +00:00
oracle_ebs_rce_cve_2022_21587.md improve the documentation, mention some steps required during setup. 2023-02-22 09:42:11 +00:00
pandora_fms_events_exec.md Add installation instructions to docs 2020-07-09 17:20:07 -04:00
pandora_ping_cmd_exec.md Update documentation/modules/exploit/linux/http/pandora_ping_cmd_exec.md 2020-03-23 17:24:28 +03:00
panos_op_cmd_exec.md Updated error handling 2022-09-13 12:40:59 -04:00
panos_readsessionvars.md Doc typo 2018-05-06 22:32:26 -05:00
php_imap_open_rce.md horde imp h3 imap_open 2019-01-18 19:38:30 -05:00
pineapple_bypass_cmdinject.md module doc standardizations 2020-01-20 21:26:59 -05:00
pineapple_preconfig_cmdinject.md module doc standardizations 2020-01-20 21:26:59 -05:00
pulse_secure_cmd_exec.md Code-block env(1) 2019-11-12 02:46:18 -06:00
pulse_secure_gzip_rce.md Update the documentation 2020-12-07 10:54:20 -05:00
pyload_js2py_exec.md Add module docs 2023-02-15 16:29:42 -05:00
qnap_qcenter_change_passwd_exec.md Fix password typo 2018-07-13 16:02:15 +10:00
qnap_qts_rce_cve_2023_47218.md Docs plus minor edits 2024-02-15 17:12:11 -05:00
rancher_server.md example output to scenarios 2020-01-16 11:41:12 -05:00
rconfig_ajaxarchivefiles_rce.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
rconfig_vendors_auth_file_upload_rce.md rename files, change version check, use cookie jar 2021-06-24 09:47:38 -05:00
roxy_wi_exec.md Add in updated scenario documentation 2022-07-25 14:14:52 -05:00
saltstack_salt_api_cmd_exec.md Fix AutoCheck 2020-11-11 15:57:38 -06:00
saltstack_salt_wheel_async_rce.md add wait time line to test output 2021-03-31 14:47:34 -05:00
samsung_srv_1670d_upload_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
solarview_unauth_rce_cve_2023_23333.md Apply grammatical suggestions from code review 2023-09-05 17:06:01 -04:00
sonicwall_cve_2021_20039.md Initial commit of CVE-2021-20039 exploit 2022-01-10 12:43:50 -08:00
sophos_utm_webadmin_sid_cmd_injection.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
sourcegraph_gitserver_sshcmd.md Add sourcegraph RCE module docs 2022-07-08 17:27:27 -04:00
spark_unauth_rce.md module options to options 2020-01-16 10:49:22 -05:00
spring_cloud_gateway_rce.md Add in some missing info to examples, set default port, and update IOCs to note we include some IOCs in the logs 2022-10-12 11:19:47 -05:00
suitecrm_log_file_rce.md Added module and documentation for SuiteCRM Log File RCE 2021-05-22 00:11:19 -05:00
supervisor_xmlrpc_exec.md cleaned up version, and docs 2017-09-23 10:51:52 -04:00
symantec_messaging_gateway_exec.md Adding Symantec messaging gateway rce 2017-06-10 12:23:12 +03:00
symmetricom_syncserver_rce.md add module documentation 2023-06-13 13:14:51 -05:00
synology_dsm_smart_exec_auth.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
terramaster_unauth_rce_cve_2020_35665.md Updates based on space-r7 comments 2023-06-08 07:39:44 +00:00
terramaster_unauth_rce_cve_2021_45837.md Updated NAS model and version check 2023-06-08 09:12:45 +00:00
terramaster_unauth_rce_cve_2022_24990.md Updates based on review comments from space-r7 and jvoisin 2023-06-12 19:28:08 +00:00
tiki_calendar_exec.md Update tiki_calendar_exec module and documentation 2016-06-22 11:17:45 -05:00
totolink_unauth_rce_cve_2023_30013.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
tp_link_ncxxx_bonjour_command_injection.md msftidy_docs changes 2020-09-18 09:42:14 -05:00
trend_micro_imsva_exec.md Adding Trend Micro IMSVA module 2017-01-18 11:34:16 +03:00
trendmicro_imsva_widget_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
trendmicro_websecurity_exec.md fixing up some styles and such 2020-06-20 12:05:48 -04:00
ueb_api_rce.md finish up docs and 10 exploit 2018-09-10 21:08:30 -04:00
unraid_auth_bypass_exec.md spelling change per review 2022-11-23 13:26:19 -06:00
vestacp_exec.md Fix up clarity and spelling issues in module and documentation 2020-04-13 16:28:39 -05:00
vinchin_backup_recovery_cmd_inject.md Update 2023-11-21 18:28:28 +01:00
vmware_nsxmgr_xstream_rce_cve_2021_39144.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
vmware_vcenter_analytics_file_upload.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
vmware_vcenter_vsan_health_rce.md Add log IOC 2021-07-12 20:54:54 -05:00
vmware_view_planner_4_6_uploadlog_rce.md Update the exploit to use Python as its payload since this is a lot more flexible, allows Meterpreter, returns a shell faster, and we are already injecting into and executing a Python file 2021-03-14 00:00:06 -06:00
vmware_vrli_rce.md Add and use a Thrift client object 2023-09-11 14:37:38 -04:00
vmware_vrni_rce_cve_2023_20887.md Fix incomplete copy pasta in docs 2023-07-21 14:38:07 -04:00
vmware_vrops_mgr_ssrf_rce.md Update vmware_vrops_mgr_ssrf_rce documentation 2021-05-06 18:30:20 -05:00
vmware_workspace_one_access_cve_2022_22954.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
vmware_workspace_one_access_vmsa_2022_0011_chain.md docs fix 2023-04-17 16:41:35 -04:00
wd_mycloud_multiupload_upload.md Add wd_mycloud_multiupload_upload exploit 2017-11-28 07:12:00 -06:00
wd_mycloud_unauthenticated_cmd_injection.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
webmin_backdoor.md Move unix/webapp/webmin_backdoor to linux/http 2020-01-14 00:50:04 -06:00
webmin_file_manager_rce.md Update documentation/modules/exploit/linux/http/webmin_file_manager_rce.md 2022-11-01 10:40:01 -05:00
webmin_package_updates_rce.md Fix from code review 2022-08-09 15:09:25 +02:00
webmin_packageup_rce.md removed some whitespace, added a check 2019-06-17 15:29:08 -05:00
wepresent_cmd_injection.md Switched to vars_post in send_request_cgi and removed unnecessary documentation 2020-01-14 05:42:06 -05:00
wipg1000_cmd_injection.md added version numbers 2017-04-22 09:45:55 -04:00
xplico_exec.md spelling fixes on docs 2023-10-10 14:46:18 -04:00
zimbra_cpio_cve_2022_41352.md Fix the doc to make `msftidy_docs.rb` happy 2022-10-20 14:33:40 +02:00
zimbra_mboximport_cve_2022_27925.md Update all links from Wiki site to new docs site. 2023-01-27 09:58:53 -06:00
zimbra_unrar_cve_2022_30333.md Add module docs for the split-up unrar modules 2022-07-27 13:24:29 -07:00
zimbra_xxe_rce.md Fix words because words... 2019-04-01 17:21:23 -05:00
zyxel_lfi_unauth_ssh_rce.md Updates based on cdelafuente-r7 comments 2023-05-06 19:05:21 +00:00
zyxel_ztp_rce.md Revised setup guidance 2022-05-13 13:41:05 -07:00