all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

MagnusBilling Remote Command Execution

Add to bookmarks
Nov. 14, 2023, 1:13 a.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the …

application attackers call code command command injection demonstration exploits http injection metasploit parameter php piece request run unauthenticated vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

libcue 2.2.1 Out-Of-Bounds Access 13 hours ago | packetstormsecurity.com
access api array cue +15
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution 1 day, 14 hours ago | packetstormsecurity.com
anti-malware api apis arbitrary code +10
ISPConfig 3.2.11 PHP Code Injection 1 day, 16 hours ago | packetstormsecurity.com
code code injection injection php +1
Ubuntu Security Notice USN-6542-1 1 day, 16 hours ago | packetstormsecurity.com
attacker automated denial of service file +13
osCommerce 4 SQL Injection 1 day, 16 hours ago | packetstormsecurity.com
injection sql sql injection version +1
Red Hat Security Advisory 2023-7705-03 1 day, 16 hours ago | packetstormsecurity.com
advisory apache build denial of service +12
Red Hat Security Advisory 2023-7704-03 1 day, 16 hours ago | packetstormsecurity.com
advisory bugs denial of service fix +12
Red Hat Security Advisory 2023-7703-03 1 day, 16 hours ago | packetstormsecurity.com
advisory denial of service openshift pipelines +6
Red Hat Security Advisory 2023-7699-03 1 day, 16 hours ago | packetstormsecurity.com
advisory client denial of service openshift +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Environmental Compliance Lead

@ EDF Energy | Bristol, GB
View on infosec-jobs.com

IT Consultant Network w/m/d Wireless (WiFi6, Mobilfunk 5G)

@ Computacenter | Berlin, DE, 12099
View on infosec-jobs.com

Senior - Cyber Infrastructure Protection

@ Deloitte | Madrid, España
View on infosec-jobs.com

GRC (Governance, Risk & Compliance) | 4 to 6 Years | Mumbai, Bengaluru & Chennai

@ Capgemini | Bengaluru, MH, IN
View on infosec-jobs.com

Technology Risk & Controls Advisory - Experienced Consultant

@ Wavestone | London, United Kingdom
View on infosec-jobs.com
View more jobs