Feng Office 3.7.0.5 Remote Command Execution
Posted by deepcore on March 1, 2019 – 5:55 pm
This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files, and no session is checked. All uploaded files are stored under the /tmp directory. The .htaccess file under the /tmp directory blocks files with the php, php2, and php3 extensions. The exploit creates a PHP payload and moves it to the main directory via shtml. After moving the PHP payload to the main directory, the exploit executes it and receives a shell.
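An added example, not part of the original post or the Metasploit module: a defensive audit of an upload directory that shows why the extension denylist described above (php, php2, php3) does not stop server-interpreted files such as .shtml. The extra extension sets, the allowlist, the way the denylist is modelled and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions the page says the .htaccess under /tmp blocks.
PAGE_DENYLIST = {"php", "php2", "php3"}
# Assumption: other extensions an Apache/PHP host may map to a handler.
SERVER_INTERPRETED = PAGE_DENYLIST | {
    "php4", "php5", "php7", "phtml", "pht", "phar", "shtml", "shtm", "cgi", "pl"}
# Assumption: the only types this upload directory legitimately holds.
ALLOWLIST = {"jpg", "png", "pdf", "txt"}

def classify(filename):
    """Return 'ok', 'blocked', 'bypass' or 'unexpected' for one file name."""
    # Every dot-separated component counts: a handler can be triggered by an
    # extension that is not the last one (img.php.jpg). Case is folded and
    # empty components (trailing dots) are dropped.
    exts = [p.lower() for p in filename.split(".")[1:] if p]
    if any(e in SERVER_INTERPRETED for e in exts):
        # Modelled denylist (assumption): matches only the final extension.
        return "blocked" if exts[-1] in PAGE_DENYLIST else "bypass"
    if exts and exts[-1] in ALLOWLIST:
        return "ok"
    return "unexpected"

def audit(root):
    """Walk an upload directory; return sorted (relative path, verdict) pairs
    for every file that is not 'ok'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, verdict))
    return sorted(findings)

def demo():
    """Run the audit over a constructed sample directory."""
    names = ["logo.png", "a.php", "mover.shtml", "x.PHTML", "img.php.jpg", "notes"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return audit(root)

if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:10} {path}")
```

Files reported as `bypass` are the ones a denylist of this shape lets through; validating uploads against an allowlist and storing them outside the web root removes that whole class.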