Cayin CMS NTP Server 11.0 Remote Code Execution
Posted by deepcore on June 19, 2020 – 7:43 pm
This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file’s ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.
Post a reply
You must be logged in to post a comment.