QNAP TS-431 QTS Remote Command Execution

Posted by deepcore on March 8, 2019 – 7:10 pm

This Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the “index.php” file is allowed to work in the virtual web server directory. No files can be executed except “index.php”. Gives an access error. After the harmful “index.php” has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« OrientDB 3.0.17 GA Community Edition XSS / CSRF Anyburn 4.x x86 Buffer Overflow »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

QNAP TS-431 QTS Remote Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL