LibreNMS Collectd Command Injection

Posted by deepcore on September 8, 2019 – 2:57 am

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which can result in code execution.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting October CMS Upload Protection Bypass Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

LibreNMS Collectd Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL