TrixBox CE 2.8.0.4 Command Execution

Posted by deepcore on May 6, 2020 – 7:43 pm

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap –interactive followed by !sh from within nmap.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« IBM Data Risk Manager 2.0.3 Default Password ATutor LMS 2.2.4 Weak Password Reset Hash »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

TrixBox CE 2.8.0.4 Command Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL