what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Graeme Robinson

Apache NiFi API Remote Code Execution

Posted Nov 28, 2020

Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.

tags | exploit

SHA-256 | b437b66f2c8618f8c04df9a7df92d09d11a6da720c7f0e0b83b4d0ced50bc1b8

Download | Favorite | View

Kong Gateway Admin API Remote Code Execution

Posted Nov 25, 2020

Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

tags | exploit

SHA-256 | 4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011a

Download | Favorite | View

WordPress Simple Fields 0.3.5 File Inclusion / Remote Code Execution

Posted Apr 9, 2018

Authored by Graeme Robinson

WordPress Simple Fields plugin versions 0.2 through 0.3.5 suffer from file inclusion and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion

SHA-256 | 4338cd5a6fee565ad17148aae284a9aeb2d14240ccb815f68d640689e9cfc13c

Download | Favorite | View