Another minor grammar changes

bug/bundler_fix
Mehmet Ince 2016-09-20 19:23:28 +03:00
parent edc086167c
commit fb00d1c556
No known key found for this signature in database
GPG Key ID: 11EF24A306357530
2 changed files with 5 additions and 6 deletions

@ -2,7 +2,7 @@
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user.
Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The object constructed is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura prior to 11.1.0-2 versions are affected by issue.
Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue.
**Vulnerable Application Installation Steps**
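Review bot: The rewritten sentence still says "Zend_Log function's __destruct() method", but a __destruct() method belongs to a class, so since the line is being reworded anyway, suggest "the Zend_Log class's __destruct() method". The phrase "uses it as an unserialized function parameter" in the same line is also hard to parse; if the meaning is that the user input is passed to PHP's unserialize(), stating that directly would make the root cause clearer to readers of this documentation.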
@ -10,7 +10,7 @@ Kaltura has their own RPM and/or DEB packages to help us to install it without a
Following steps are valid on the CentOS 6 x64 bit operating system.
1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install the latest packages. Also seting the hostname to something like _kalturahack.dev_ would be wise, because it will be used during Kaltura installation.
1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install the latest packages. Also setting the hostname to something like _kalturahack.dev_ would be wise, because it will be used during Kaltura installation.
2. Disable iptables and selinux.
```
iptables -F
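Review bot: The context line directly above step 1, "Following steps are valid on the CentOS 6 x64 bit operating system.", was missed by this grammar pass: it lacks an article and names the platform differently from "CentOS-6 x64" in the corrected step. Suggest "The following steps are valid on a 64-bit CentOS 6 system." and one spelling of the platform name in both lines.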

@ -20,11 +20,10 @@ class MetasploitModule < Msf::Exploit::Remote
and then use it as an unserialized function parameter. The object
constructed is based on the SektionEins Zend code execution POP chain PoC,
with a minor modification to ensure Kaltura processes it and the
Zend_Log function's __destruct() method is called. Kaltura prior to
11.1.0-2 versions are affected by issue.
Zend_Log function's __destruct() method is called. Kaltura versions
prior to 11.1.0-2 are affected by this issue.
This module was tested against Kaltura 11.1.0 installation on
Ubuntu server and CentOS 6.8.
This module was tested against Kaltura 11.1.0 installed on CentOS 6.8.
},
'License' => MSF_LICENSE,
'Author' =>
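Review bot: The last changed line in this hunk is not only a grammar fix: it drops "Ubuntu server" from the tested platforms and leaves only CentOS 6.8, while the commit message describes minor grammar changes. If the module was not actually tested on Ubuntu, say so in the commit message; otherwise keep the platform and change only "installation on" to "installed on". The unchanged context above also still reads "The object constructed", which the documentation file in this commit now phrases as "The constructed object"; aligning the two descriptions would keep them from drifting apart.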