Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!
banner Expire 25 April 2025
adv ex on 22 February 2024
Kfc Club

Patrick Stash
banner expire at 13 August 2024
BidenCash Shop
banner Expire 10 May 2025
Money Club cc shop
Yale lodge shop
UniCvv
banner Expire 1 April  2021

Rconfig 3.x Chained Remote Code Execution

Cowboy

TRUSTED VENDOR
Joined
Apr 18, 2024
Messages
285
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required.

However, this module can bypass authentication via SQL injection.

Site: https://dl.packetstormsecurity.net/2003-exploits/rconfig_ajaxarchivefiles_rce.rb.txt
 
Top Bottom