Land #8564, Fix cryptolog desc

bug/bundler_fix
Pearce Barry 2017-06-15 13:39:56 -05:00
commit cab64fc8b2
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
1 changed files with 11 additions and 7 deletions

View File

@ -12,16 +12,20 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => "Crypttech CryptoLog Remote Code Execution", 'Name' => "Crypttech CryptoLog Remote Code Execution",
'Description' => %q{ 'Description' => %q{
This module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a This module exploits a SQL injection and command injection vulnerability in the PHP version of CryptoLog.
terminal command under the context of the web user. An unauthenticated user can execute a terminal command under the context of the web user. These vulnerabilities
are no longer present in the ASP.NET version CryptoLog, available since 2009.
login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation CryptoLog's login.php endpoint is responsible for the login process. One of the user supplied parameters is
and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session. used by the application without input validation and parameter binding, which leads to SQL injection
vulnerability. Successfully exploitating this vulnerability gives a the valid session.
logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having CryptoLog's logshares_ajax.php endpoint is responsible for executing an operation system command. It's not
a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue. possible to access this endpoint without having a valid session. One user parameter is used by the
application while executing an operating system command, which causes a command injection issue.
Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user. Combining these vulnerabilities gives the opportunity execute operation system commands under the context
of the web user.
}, },
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>