infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #8564, Fix cryptolog desc

bug/bundler_fix
Pearce Barry 2017-06-15 13:39:56 -05:00
parent c1372456e2 49383f8f3a
commit cab64fc8b2
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb
View File

@ -12,16 +12,20 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => "Crypttech CryptoLog Remote Code Execution",
'Description' => %q{
This module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a
terminal command under the context of the web user.
This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog.
An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities
are no longer present in the ASP.NET version CryptoLog, available since 2009.
login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation
and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session.
CryptoLog's login.php endpoint is responsible for the login process. One of the user supplied parameters is
used by the application without input validation and parameter binding, which leads to SQL injection
vulnerability. Successfully exploitating this vulnerability gives a the valid session.
logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having
a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue.
CryptoLog's logshares_ajax.php endpoint is responsible for executing an operation system command. It's not
possible to access this endpoint without having a valid session. One user parameter is used by the
application while executing an operating system command, which causes a command injection issue.
Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.
Combining these vulnerabilities gives the opportunity execute operation system commands under the context
of the web user.
},
'License' => MSF_LICENSE,
'Author' =>