12 matches found
LibreNMS addhost Command Injection (CVE-2018-20434)
A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...
LibreNMS 1.46 - addhost Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.0...
LibreNMS 1.46 - addhost Remote Code Execution
LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...
LibreNMS 1.46 addhost Remote Code Execution
!/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP 7.2.10 ''' import requests from urllib import...
LibreNMS 1.46 - 'addhost' Remote Code Execution
!/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP 7.2.10 ''' import requests from urllib import...
LibreNMS - addhost Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed ...
LibreNMS - addhost Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...
CVE-2018-20434
creationtimestamp| type| source ---|---|--- 2019-06-04 17:58:45+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/librenmsaddhostcmdinject.rb 2019-06-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46970 2019-06-28 00:00:00+00:00...
LibreNMS addhost Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...
LibreNMS addhost Command Injection
This module exploits a command injection vulnerability in the open source network management software known as LibreNMS. The community parameter used in a POST request to the addhost functionality is unsanitized. This parameter is later used as part of a shell command that gets passed to the pope...
CVE-2018-20434
LibreNMS 1.46 is affected by CVE-2018-20434. The vulnerability allows remote command execution via the POST parameter $_POST['community'] used in html/pages/addhost.inc.php during device creation. A subsequent request to /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost tri...
CVE-2018-20434 - LibreNMS Addhost Command Injection
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...