Supervisor XML-RPC Authenticated Remote Code Execution

Posted by deepcore on September 26, 2017 – 11:00 am

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection BlueBorne BlueTooth Buffer Overflow Proof Of Concept »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Supervisor XML-RPC Authenticated Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL