Home / os / win10

ZeroShell 3.9.0 Remote Command Execution

Posted on 24 November 2020

This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar options.

 

TOP

Malware :

Exploits :