Netsweeper WebAdmin unixlogin.php Python Code Injection

Posted by deepcore on May 13, 2020 – 8:53 pm

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component’s unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation SaltStack Salt Master/Minion Unauthenticated Remote Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Netsweeper WebAdmin unixlogin.php Python Code Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL