Apply fix requests on documentation
parent
f73e9347b9
commit
80ca30dc49
|
@ -2,13 +2,13 @@ Horde Groupware Webmail is a popular open-source groupware platform written in P
|
|||
|
||||
## Vulnerable Application
|
||||
|
||||
The Horde subcomponent Horde Form < 2.0.19 is affected. This module was specifically tested against Horde 5.2.22 and 5.2.17 with Horde Form < 2.0.19 installed with PEAR on Debian.
|
||||
The Horde subcomponent Horde Form < 2.0.19 is affected. This module was specifically tested against Horde Groupware Webmail Edition 5.2.22 and 5.2.17 with Horde Form 2.0.18 installed with PEAR on Debian.
|
||||
|
||||
## Verification Steps
|
||||
### Docker install on Ubuntu 18.04
|
||||
|
||||
Please folow these steps to setup a vulnerable version of Horde in Docker.
|
||||
Please folow these steps to setup a vulnerable version of Horde in Docker on a Ubuntu.
|
||||
|
||||
1. Set up a [Ubuntu](http://www.ubuntu.com/) box.
|
||||
1. Set up a [Ubuntu](http://www.ubuntu.com/) 18.04 box.
|
||||
2. Open a terminal, and enter: ```sudo apt-get install docker.io```. Make sure Docker is properly configured and your current user has permession to use it.
|
||||
3. Enter: ```mkdir horde_form_file_upload``` to create a folder.
|
||||
4. Enter: ```cd horde_form_file_upload``` to enter that folder.
|
||||
|
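Review bot: the replacement sentence under "### Docker install on Ubuntu 18.04" still carries the typo "folow" and now stops at "on a Ubuntu" with no version, while the replacement for step 1 says "18.04 box". Suggest: "Please follow these steps to set up a vulnerable version of Horde in Docker on Ubuntu 18.04." The unchanged step 2 also has "permession" for "permission", which could be fixed in the same pass.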
@ -69,6 +69,8 @@ ENTRYPOINT \
|
|||
7. Enter: ```docker run -p8888:80 --name horde-inst horde-img``` to run the Docker instance with the name ```horde-inst```.
|
||||
8. Get the Docker host ip for reverse connection. In Linux, enter: ```ip -4 addr show docker0 | grep -Po 'inet \K[\d.]+'```.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
After setting up Horde, you can use your exploit module:
|
||||
|
||||
1. Start msfconsole
|
||||
|
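Review bot: the "## Verification Steps" heading added before "After setting up Horde, you can use your exploit module:" duplicates the "## Verification Steps" heading that already sits above "### Docker install on Ubuntu 18.04" in the first hunk, so the document ends up with two sections of the same name. Suggest keeping this one for the msfconsole steps and moving the Docker install under "## Vulnerable Application" (or giving the earlier heading a setup-specific name). In step 8, "host ip" should also be "host IP".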
@ -83,7 +85,9 @@ After setting up Horde, you can use your exploit module:
|
|||
10. Do: ```exploit```
|
||||
11. And you should get a session
|
||||
|
||||
## Demonstration
|
||||
## Scenarios
|
||||
|
||||
### Horde Groupware Webmail Edition 5.2.22 with Horde Form 2.0.18 on a Debian stretch on Docker running on an Ubuntu 16.04
|
||||
|
||||
```
|
||||
msf exploit(multi/http/horde_form_file_upload) > exploit
|
||||
|
|
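Review bot: the new scenario heading names the Docker host as "an Ubuntu 16.04", but the install section is titled "Docker install on Ubuntu 18.04" and step 1 was just changed to "18.04 box". If the demonstration output was captured on a 16.04 host, say so in the setup section or note that both releases were used; otherwise align the heading with 18.04. The phrase "on a Debian stretch on Docker running on an Ubuntu 16.04" would also read more cleanly as "on Debian stretch in Docker on Ubuntu 16.04".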