This module exploits an argument injection vulnerability in PHP up to version 5.3.12 and 5.4.2 when running as a standalone CGI processor and takes advantage of the -d flag to achieve remote code execution.
This module exploits a Remote Code Execution vulnerability in PHPMyAdmin installing an agent. In PHPMyAdmin 3.0.0 RC1 it works with MYSQL 5 and above. In PHPMyAdmin 2.9.11 and below, it works if the databes is before MYSQL 5 This module starts a web server on the Core Impact Console to publish the agent, which is downloaded from the target. It only works for Cookie-Authenticated sites.
The highlight parameter in the viewtopic.php script is not properly sanitized when it is decoded, this is exploited by this module to execute arbitrary php code on a vulnerable server in order to upload and execute an agent. When the target platform is Windows, this module leaves a file at the phpBB installation path with the name: decoded-XXXXXX.exe (where XXXXXX is a random number). This file will not be removed on agent uninstall, so it must be manually deleted.
Exploits a buffer overflow in the Apache Connector of Oracle WebLogic Server (formerly known as BEA WebLogic Server). The target path used when launching this module against an Apache Server must be handled by the Apache Connector or the exploit will not succeed.
The Administration Console of Oracle GlassFish Server is prone to a authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable server. This module will create a backdoor administrator account in the Administration Console of Oracle GlassFish and then deploy a .WAR application in order to install an agent on the target server.
Subscribe to Linux