module

MicroFocus Secure Messaging Gateway Remote Code Execution

Try Surface Command
Back to search
Disclosed
06/19/2018
Created
03/19/2019

Description

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway.
An unauthenticated user can execute a terminal command under the context of the web user.

One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,
which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system.
manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible
to access this endpoint without having a valid session.

Combining these vulnerabilities gives the opportunity execute operation system commands under the context
of the web user.

Author

Mehmet Ince

Platform

PHP

Architectures

php

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/linux/http/microfocus_secure_messaging_gateway
    msf /(y) > show actions
        ...actions...
    msf /(y) > set ACTION < action-name >
    msf /(y) > show options
        ...show and set options...
    msf /(y) > run
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today