|
93808 | 93808 | "session_types": false, |
93809 | 93809 | "needs_cleanup": null |
93810 | 93810 | }, |
| 93811 | + "exploit_multi/misc/qemu_monitor_hmp_migrate_cmd_exec": { |
| 93812 | + "name": "QEMU Monitor HMP 'migrate' Command Execution", |
| 93813 | + "fullname": "exploit/multi/misc/qemu_monitor_hmp_migrate_cmd_exec", |
| 93814 | + "aliases": [ |
| 93815 | + |
| 93816 | + ], |
| 93817 | + "rank": 600, |
| 93818 | + "disclosure_date": "2011-12-02", |
| 93819 | + "type": "exploit", |
| 93820 | + "author": [ |
| 93821 | + |
| 93822 | + ], |
| 93823 | + "description": "This module uses QEMU's Monitor Human Monitor Interface (HMP)\n TCP server to execute system commands using the `migrate` command.\n\n This module has been tested successfully on QEMU version 6.2.0\n on Ubuntu 20.04.", |
| 93824 | + "references": [ |
| 93825 | + "URL-https://wiki.qemu.org/ToDo/HMP", |
| 93826 | + "URL-https://www.qemu.org/docs/master/system/monitor.html", |
| 93827 | + "URL-https://www.qemu.org/docs/master/system/security.html", |
| 93828 | + "URL-https://www.linux-kvm.org/page/Migration" |
| 93829 | + ], |
| 93830 | + "platform": "Linux,Unix", |
| 93831 | + "arch": "cmd, aarch64, armle, x86, x64", |
| 93832 | + "rport": null, |
| 93833 | + "autofilter_ports": [ |
| 93834 | + |
| 93835 | + ], |
| 93836 | + "autofilter_services": [ |
| 93837 | + |
| 93838 | + ], |
| 93839 | + "targets": [ |
| 93840 | + "Automatic", |
| 93841 | + "Unix (Command)", |
| 93842 | + "Linux (Dropper)" |
| 93843 | + ], |
| 93844 | + "mod_time": "2022-02-07 17:48:27 +0000", |
| 93845 | + "path": "/modules/exploits/multi/misc/qemu_monitor_hmp_migrate_cmd_exec.rb", |
| 93846 | + "is_install_path": true, |
| 93847 | + "ref_name": "multi/misc/qemu_monitor_hmp_migrate_cmd_exec", |
| 93848 | + "check": true, |
| 93849 | + "post_auth": false, |
| 93850 | + "default_credential": false, |
| 93851 | + "notes": { |
| 93852 | + "Stability": [ |
| 93853 | + "crash-safe" |
| 93854 | + ], |
| 93855 | + "Reliability": [ |
| 93856 | + "repeatable-session" |
| 93857 | + ], |
| 93858 | + "SideEffects": [ |
| 93859 | + "ioc-in-logs", |
| 93860 | + "artifacts-on-disk" |
| 93861 | + ] |
| 93862 | + }, |
| 93863 | + "session_types": false, |
| 93864 | + "needs_cleanup": true |
| 93865 | + }, |
93811 | 93866 | "exploit_multi/misc/ra1nx_pubcall_exec": { |
93812 | 93867 | "name": "Ra1NX PHP Bot PubCall Authentication Bypass Remote Code Execution", |
93813 | 93868 | "fullname": "exploit/multi/misc/ra1nx_pubcall_exec", |
|
0 commit comments