Showing 1 - 2 of 2

Files from Nicky Bloor

First Active	2016-07-26
Last Active	2018-01-31

BMC Server Automation RSCD Agent NSH Remote Command Execution: Posted Jan 31, 2018; Authored by Nicky Bloor, Olga Yanushkevich | Site metasploit.com; This Metasploit module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cmd /c'.; tags | exploit, arbitrary; systems | windows; advisories | CVE-2016-1542, CVE-2016-1543; SHA-256 | 020bc853633a23b3189378857da4cf64c9fbfa92972a9d8257b10605b54490ec; Download | Favorite | View

Drupal CODER Module Remote Command Execution: Posted Jul 26, 2016; Authored by Mehmet Ince, Nicky Bloor | Site metasploit.com; This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary command under the context of the web server user. CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary command. The module does not need to be enabled for this to be exploited This Metasploit module was tested against CODER 2.5 with Drupal 7.5 installation on Ubuntu server.; tags | exploit, remote, web, arbitrary, php; systems | linux, ubuntu; SHA-256 | c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days