Vulnerability & Exploit Database

Back to search

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding, which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. Combining these vulnerabilities gives the opportunity execute operation system commands under the context of the web user.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/linux/http/microfocus_secure_messaging_gateway

Authors

  • Mehmet Ince <mehmet [at] mehmetince.net>

References

Targets

  • Automatic

Platforms

  • php

Architectures

  • php

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/http/microfocus_secure_messaging_gateway msf exploit(microfocus_secure_messaging_gateway) > show targets ...targets... msf exploit(microfocus_secure_messaging_gateway) > set TARGET <target-id> msf exploit(microfocus_secure_messaging_gateway) > show options ...show and set options... msf exploit(microfocus_secure_messaging_gateway) > exploit