OS Command Injection | Core Security

This module exploits an OS Command Injection to deploy an agent in VMWare Aria Operations for Networks (aka vRealize Network Insight). The vulnerability is in the evictPublishedSupportBundles function of ScriptUtils class. The deployed agent will run with root user privileges.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserCheckClientCert function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserProcessPassChangeRequest function of MOVEit.DMZ.ClassLib.UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits an CL Command Injection in IBM i DDM Service to upload an agent as a .zip file to a writable directory using printf commands in a QSHell session. Then another QSHell session is used to execute it and then remove the zip file.

This module exploits an SQL injection to deploy an agent in Progress MOVEit Transfer. The vulnerability is in the UserGetUsersWithEmailAddress function of UserEngine class. The deployed agent will run with moveitsvc user privileges.

This module exploits a custom java bean validator to deploy an agent in VMware Workspace ONE Access. The vulnerability is in the validateClaimRuleCondition function of ClaimTransformationHelper class. The deployed agent will run with horizon user privileges.

Subscribe to OS Command Injection

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum