The highlight parameter in the viewtopic.php script is not properly sanitized when it is decoded, this is exploited by this module to execute arbitrary php code on a vulnerable server in order to upload and execute an agent. When the target platform is Windows, this module leaves a file at the phpBB installation path with the name: decoded-XXXXXX.exe (where XXXXXX is a random number). This file will not be removed on agent uninstall, so it must be manually deleted.
Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.
The Administration Console of Oracle GlassFish Server is prone to a authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable server. This module will create a backdoor administrator account in the Administration Console of Oracle GlassFish and then deploy a .WAR application in order to install an agent on the target server.
Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application. This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent.
Subscribe to Linux