From f34a0b5d3128dcda7bc8a52b66909fe90d2c3991 Mon Sep 17 00:00:00 2001 From: Valentin Lobstein Date: Thu, 12 Mar 2026 20:44:19 +0100 Subject: [PATCH] Fix: Address PR review feedback for openDCIM module Add ARTIFACTS_ON_DISK side effect and fetch payload note in docs. --- .../modules/exploit/linux/http/opendcim_install_sqli_rce.md | 4 ++++ modules/exploits/linux/http/opendcim_install_sqli_rce.rb | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/documentation/modules/exploit/linux/http/opendcim_install_sqli_rce.md b/documentation/modules/exploit/linux/http/opendcim_install_sqli_rce.md index 6ce591b15e..0ca1536ee9 100644 --- a/documentation/modules/exploit/linux/http/opendcim_install_sqli_rce.md +++ b/documentation/modules/exploit/linux/http/opendcim_install_sqli_rce.md @@ -104,6 +104,10 @@ deployments are configured in the wild. No HTTP credentials are needed. `HttpPassword` accordingly. Any valid Apache credential is enough - `install.php` has no role check. +**Note:** The fetch payload handler is not supported with Target 0 (Unix/Linux Command Shell) +since standard fetch tools (curl, wget, etc.) are typically not available in the target's +execution context (`exec()` via Graphviz dot path). + ## Verification Steps 1. Start msfconsole diff --git a/modules/exploits/linux/http/opendcim_install_sqli_rce.rb b/modules/exploits/linux/http/opendcim_install_sqli_rce.rb index f943b54f65..c2834c64c4 100644 --- a/modules/exploits/linux/http/opendcim_install_sqli_rce.rb +++ b/modules/exploits/linux/http/opendcim_install_sqli_rce.rb @@ -68,7 +68,7 @@ class MetasploitModule < Msf::Exploit::Remote 'Notes' => { 'Stability' => [CRASH_SAFE], 'Reliability' => [REPEATABLE_SESSION], - 'SideEffects' => [IOC_IN_LOGS] + 'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] } ) )