module
Piwik Superuser Plugin Upload
| Disclosed | Created |
|---|---|
| 02/05/2017 | 05/30/2018 |
Disclosed
02/05/2017
Created
05/30/2018
Description
This module will generate a plugin, pack the payload into it
and upload it to a server running Piwik. Superuser Credentials are
required to run this module. This module does not work against Piwik 1
as there is no option to upload custom plugins. Piwik disabled
custom plugin uploads in version 3.0.3. From version 3.0.3 onwards you
have to enable custom plugin uploads via the config file.
Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.
and upload it to a server running Piwik. Superuser Credentials are
required to run this module. This module does not work against Piwik 1
as there is no option to upload custom plugins. Piwik disabled
custom plugin uploads in version 3.0.3. From version 3.0.3 onwards you
have to enable custom plugin uploads via the config file.
Tested with Piwik 2.14.0, 2.16.0, 2.17.1 and 3.0.1.
Author
FireFart
Platform
PHP
Architectures
php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/unix/webapp/piwik_superuser_plugin_upload
msf /(d) > show actions
...actions...
msf /(d) > set ACTION < action-name >
msf /(d) > show options
...show and set options...
msf /(d) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.