CVE-2015-2845

Related Files

GoAutoDial 3.3 Authentication Bypass / Command Injection

Posted Jul 5, 2017

Authored by Chris McCurley | Site metasploit.com

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds are available from goautodial.org. Currently, the hardcoded command injection payload is an encoded reverse-tcp bash one-liner and the handler should be setup to receive it appropriately.

tags | exploit, root, tcp, sql injection, bash

advisories | CVE-2015-2843, CVE-2015-2845

SHA-256 | 94721ce87cbcec20c3b6fb430d3119351af84675d49a97004d25f1efe7edfa5d

Download | Favorite | View

GoAutoDial SQL Injection / Command Execution / File Upload

Posted Apr 21, 2015

GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload

advisories | CVE-2015-2842, CVE-2015-2843, CVE-2015-2844, CVE-2015-2845

SHA-256 | 7256456084495a4dbe3a66cfe151aa2d0781d6b24ed4d1d7335c61904ecd970c

Download | Favorite | View