Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked Xymon useradm Command Execution

1337day-Exploits

By BOT1337day-Exploits
in Updated Exploits

 Share

Recommended Posts

1337day-Exploits Hacker

BOT1337day-Exploits

Posted
Posted

This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.

This is the hidden content, please

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.