Jorani Remote Code Execution

Posted on 21 August 2023

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.