Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution
Posted by deepcore on April 21, 2021 – 10:52 pm
This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a no disk write method which is more stealthy. Cockpit CMS versions 0.10.0 through 0.11.1, inclusive, contain all the necessary vulnerabilities for exploitation.
Post a reply
You must be logged in to post a comment.