Mida Solutions eFramework ajaxreq.php Command Injection

Posted by deepcore on September 17, 2020 – 10:44 am

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [remote] Microsoft SQL Server Reporting Services 2016 – Remote Code Execution 1CRM 8.6.7 Insecure Direct Object Reference »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Mida Solutions eFramework ajaxreq.php Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL