PT-2026-5473

Name of the Vulnerable Software and Affected Versions Wing FTP Server version 6.3.8 Description The software contains a remote code execution issue in its Lua-based web console. Authenticated users can execute system commands by sending malicious commands via POST requests. The os.execute functio...

Kong Gateway Admin API Remote Code Execution

This module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin. Module Options msf use...

Wing FTP Server Authenticated Command Execution

This module exploits the embedded Lua interpreter in the admin web interface for versions 3.0.0 and above. When supplying a specially crafted HTTP POST request an attacker can use os.execute to execute arbitrary system commands on the target with SYSTEM privileges. This module requires Metasploit...

Setuid Nmap Exploit

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...