MagnusBilling Remote Command Execution

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.   Exploit Files ≈ Packet Storm 

 

More To Explore

The Core of Modern Cybersecurity

Modern Cybersecurity and Security Control Validation In the ever-shifting sands of the cyber threat landscape, the need for a dynamic and robust cybersecurity posture has