1337day-Exploits Posted November 7, 2019 Share Posted November 7, 2019 This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64). This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts