File tree Expand file tree Collapse file tree 1 file changed +5
-5
lines changed
modules/exploits/freebsd/http Expand file tree Collapse file tree 1 file changed +5
-5
lines changed Original file line number Diff line number Diff line change @@ -18,11 +18,11 @@ def initialize(info = {})
1818 super ( update_info ( info ,
1919 'Name' => 'Watchguard XCS Remote Command Execution' ,
2020 'Description' => %q{
21- This module exploits two seperate vulnerabilities found in the Watchguard XCS virtual appliance
22- to gain command execution. By exploiting an unauthenticated SQL injection vulnerability , a remote attacker may insert
23- a valid web user into the appliance database, and login to the web interface as this user. A
24- vulnerability in the web interface allows the attacker to inject operating system commands as the
25- 'nobody' user. The watchguard_local_root module can then be used for local privesc to root .
21+ This module exploits two separate vulnerabilities found in the Watchguard XCS virtual
22+ appliance to gain command execution. By exploiting an unauthenticated SQL injection, a
23+ remote attacker may insert a valid web user into the appliance database, and get access
24+ to the web interface. On the other hand, a vulnerability in the web interface allows the
25+ attacker to inject operating system commands as the 'nobody' user .
2626 } ,
2727 'Author' =>
2828 [
You can’t perform that action at this time.
0 commit comments