what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from elbae

Mida eFramework 2.8.9 Remote Code Execution

Posted Sep 28, 2020

Authored by elbae

Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2020-15922

SHA-256 | c8c3442a86453108afc78a8c318c4066965ecee2291d2821b49be30d0944428d

Download | Favorite | View

Mida eFramework 2.9.0 Backdoor Access

Posted Sep 21, 2020

Authored by elbae

Mida eFramework version 2.9.0 suffers from having a backdoor access vulnerability.

tags | exploit

advisories | CVE-2020-15921

SHA-256 | 86e2305e7a7f0d25c6dfbab6d4adb6739f2f26ffa8ef6c2b548172995425ddfb

Download | Favorite | View

Mida Solutions eFramework ajaxreq.php Command Injection

Posted Sep 16, 2020

Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php

advisories | CVE-2020-15920

SHA-256 | 4878a731edc0be4c0ac00692ed93b267a31861eb08b009ecca9a7586cc59c464

Download | Favorite | View

Mida eFramework 2.9.0 Remote Code Execution

Posted Aug 27, 2020

Authored by elbae

Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution

advisories | CVE-2020-15920

SHA-256 | 1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a

Download | Favorite | View