IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

Posted by deepcore on August 23, 2017 – 4:35 am

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The ‘welcomeServer’ SOAP service does not properly validate user input in the ‘new_home_page’ parameter of the ‘saveHomePage’ method allowing arbitrary PHP code to be written to the config.php file. The config.php file is executed in most pages within the application, and accessible directly via the web root, resulting in code execution. This Metasploit module has been tested successfully on IBM OpenAdmin Tool 3.14 on Informix 12.10 Developer Edition (SUSE Linux 11) virtual appliance.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« VMware VDP Known SSH Key Disk Pulse Enterprise 9.9.16 Buffer Overflow »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL