MagnusBilling Remote Command Execution | allinfosecnews.com

Nov. 14, 2023, 1:13 a.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the …

application attackers call code command command injection demonstration exploits http injection metasploit parameter php piece request run unauthenticated vulnerability

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 10 hours ago | packetstormsecurity.com

arbitrary code attacker code crash +16

Ubuntu Security Notice USN-6762-1 10 hours ago | packetstormsecurity.com

arbitrary code attacker attackers code +15

SOPlanning 1.52.00 SQL Injection 10 hours ago | packetstormsecurity.com

injection php projects sql +5

SOPlanning 1.52.00 Cross Site Request Forgery 10 hours ago | packetstormsecurity.com

forgery php request version +2

SOPlanning 1.52.00 Cross Site Scripting 10 hours ago | packetstormsecurity.com

cross site scripting php scripting version +2

Red Hat Security Advisory 2024-2679-03 10 hours ago | packetstormsecurity.com

advisory enterprise free linux +7

Red Hat Security Advisory 2024-2674-03 10 hours ago | packetstormsecurity.com

advisory enterprise kernel linux +5

Red Hat Security Advisory 2024-2071-03 10 hours ago | packetstormsecurity.com

advisory bugs container fix +10

Red Hat Security Advisory 2024-2068-03 10 hours ago | packetstormsecurity.com

advisory bugs container denial of service +13

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority

View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France

View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico

View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States

View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX

View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US

View on infosec-jobs.com