China Chopper Caidao PHP Backdoor Code Execution
This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.
View ArticlePostgreSQL CREATE LANGUAGE Execution
Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To...
View ArticleApache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed via...
View ArticleApache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
This Metasploit module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote Code Execution can be performed when...
View ArticleNetcore Router Udp 53413 Backdoor
Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the...
View ArticleApache Struts Jakarta Multipart Parser OGNL Injection
This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header....
View ArticleMicrosoft Office Word Malicious Hta Execution
This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a http(s)...
View ArticleDrupal Drupalgeddon 2 Forms API Property Injection
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
View ArticleApache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution
This Metasploit module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote code execution can be performed via a...
View Article