- Joined
- May 15, 2017
- Messages
- 984
- Likes
- 758
- Points
- 1,045
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required.
However, this module can bypass authentication via SQL injection.
Site: https://dl.packetstormsecurity.net/2003-exploits/rconfig_ajaxarchivefiles_rce.rb.txt