Mako Server 2.5 Command Injection

This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It’s possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victim’s machine and can be executed by sending a GET request to manage.lsp. Source: Mako Server 2.5 […]

The post Mako Server 2.5 Command Injection appeared first on MondoUnix.

tnftp “savefile” Arbitrary Command Execution

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp’s handling of the resolved output filename – called “savefile” in the source – from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename […]

The post tnftp “savefile” Arbitrary Command Execution appeared first on MondoUnix.