
Barracuda Web App Firewall/Load Balancer Post Auth Remote Root Exploit (2)

Posted by deepcore on July 28, 2016 – 6:06 am

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall firmware version <= 8.0.1.007 and Load Balancer firmware <= v5.4.0.004 by exploiting two vulnerabilities in the web administration interface. The first bug is an arbitrary file upload vulnerability, used to create a malicious file containing shell commands; the second bug, in a feature meant to clean up left-over core files on the device, is then used to execute them. By sending specially crafted requests, it is possible to inject system commands while escalating to root due to relaxed sudo configurations on the appliances.

